270 matches found
Microsoft Internet Explorer 6 URI Handler Restriction Circumvention Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5730/info Microsoft Windows Internet Explorer 6.0 SP1 introduced restrictions for certain URI handlers such as file:// and res://. It has been demonstrated in the past that these URI handlers could be abused and...
Opera Web Browser 7.x URI Handler Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/12898/info Maxthon Web Browser is reported prone to an information disclosure vulnerability. This issue may allow an attacker to disclose search bar contents from an affected browser. Information disclosed through the exploitation of this vulnerability may...
IBM Installation Manager <= 1.3.0 iim:// URI handler exploit
No description provided by source. !-- IBM Installation Manager = 1.3.0 iim:// uri handler remote code execution exploit - IE by nine:situations:group::bruiser site: http://retrogod.altervista.org/ vulnerable: IBM Rational Robot IBM Rational Team Concert possibly all Rational products, not Ration...
Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24837/info Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers. Exploiting the...
IBM Lotus Expeditor 6.1 - URI Handler Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28926/info IBM Lotus Expeditor is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the...
XChat <= 2.8.7b (URI Handler) Remote Code Execution Exploit (ie6/ie7)
No description provided by source. Xchat = 2.8.7b Remote Code Execution tested on Windows XP SP1+SP2+SP3, IE6 & IE7 fully patched Vendor : http://xchat.org/ Affected Os : Windows Risk : critical This bug is related to the URI Handler vulnerability but the approch is a bit different. We don't use...
Valve Steam multiple security vulnerabilities
Buffer overflows, code executions and game engines vulnerabilities can be exploited via steam:// URI handler...
IBM Lotus Notes code execution
URI handler command injection...
Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64
An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. CVE-2008-4690 Note: In these updated lynx...
Google Talk gtalk:// Deprecated Uri Handler Parameter Injection Vulnerability
No description provided by source. Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of 1.0.0.105:...
Google Talk gtalk:// Deprecated Uri Handler Parameter Injection
Exploit for windows platform in category remote exploits Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...
Google Talk - gtalk: Deprecated URI Handler Injection
Google Talk - gtalk: Deprecated URI Handler Injection Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...
Google Talk - 'gtalk://' Deprecated URI Handler Injection
Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of 1.0.0.105: http://www.google.com/talk/intl/it/...
Microsoft Internet Explorer Telnet URI Handler Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a vulnerability that lets attackers execute arbitrary remote code. An attacker can exploit this issue by enticing a legitimate user to use a vulnerable version of the application to access an HTML file from a network share location that contains...
Novell iPrint multiple security vulnerabilities
Code execution via op-printer-list-all-jobs URI handler and cookie, Multiple ActiveX code execution vulnerabilities...
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-051 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this...
VLC Media Player 1.0.5 (Goldeneye) Buffer Overflow
There a Vulnerability in VLC Media Player v1.0.5 Goldeneye when handling M3U files with ftp:// URI handler. When we open the malicious file our EDX and EBP registers point to the user supplied data which might lead to code execution. State of the registers when we opne the malicious file is: EAX...
VLC Player M3U file ftp:// URI Handler Remote Stack Buffer Overflow
There a Vulnerability in VLC Media Player v1.0.5 Goldeneye when handling M3U files with ftp:// URI handler. When we open the malicious file our EDX and EBP registers point to the user supplied data which might lead to code execution. State of the registers when we opne the malicious file is: EAX...
Design/Logic Flaw
Argument injection vulnerability in the URI handler in a Java NPAPI plugin and b Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the 1 -J or 2 -XXaltjvm argument to javaws.exe...
CVE-2010-1423
Argument injection vulnerability in the URI handler in a Java NPAPI plugin and b Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the 1 -J or 2 -XXaltjvm argument to javaws.exe...