CVE-2023-42138

Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file...

Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution

No description provided by source. $Id: dxstudioplayerexec.rb 9375 2010-05-26 22:39:56Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

Worldweaver DX Studio Player 3.0.29 - &#039;shell.execute()&#039; Command Execution (Metasploit)

$Id: dxstudioplayerexec.rb 9375 2010-05-26 22:39:56Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Worldweaver DX Studio Player shell.execute() Command Execution

This module exploits a command execution vulnerability within the DX Studio Player from Worldweaver for versions 3.0.29 and earlier. The player is a browser plugin for IE ActiveX and Firefox dll. When an unsuspecting user visits a web page referring to a specially crafted .dxstudio document, an...

Security feature bypass

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...

CVE-2009-2011

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...

CVE-2009-2011

Summary (CVE-2009-2011) Worldweaver DX Studio Player plugin for Firefox (and related IE/Firefox contexts) is vulnerable to remote command execution via the shell.execute JavaScript API method. The issue affects DX Studio Player versions including 3.0.29.0, 3.0.22.0, 3.0.12.0 and likely other vers...

CORE-2009-0521 - DX Studio Player Firefox plug-in command injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521...

DX Studio Player Firefox plug-in code execution

It's possible to execute system commands via Javascript API...

DX Studio Player &lt; 3.0.29.1 Firefox plug-in Command Injection Vuln

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injectio...

Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection

Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio...

DX Studio Player < 3.0.29.1 Firefox plug-in Command Injection Vuln

Exploit for windows platform in category remote exploits ================================================================== DX Studio Player 3.0.29.1 Firefox plug-in Command Injection Vuln ================================================================== -----BEGIN PGP SIGNED MESSAGE----- Hash:...

Core Security Technologies Advisory 2009.0521

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521...

Worldweaver DX Studio Player &lt; 3.0.29.1 Firefox plugin - Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521...

DX Studio Player Firefox plug-in command injection

1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521 Advisory URL:http://www.coresecurity.com/core-labs/advisories/DXStudio-player-firefox-plugin Date published: 2009-06-09 Date of last update: 2009-06-08 Vendors contacted: Worldweaver...