141 matches found

Positive Technologies
added 2007/11/20 12:0 a.m. · 2 views

PT-2007-6950 · Invensys · Invensys Wonderware Intouch

Name of the Vulnerable Software and Affected Versions: Invensys Wonderware InTouch version 8.0. Description: The issue allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs due to insecure permissions set on a NetDDE share. Recommendations: For Invensys...

9 CVSS · 8.8 AI score · 0.03193 EPSS
Exploits 0 · References 7

CVE
added 2007/09/14 1:0 a.m. · 50 views

CVE-2007-4891

CVE-2007-4891 concerns the PDWizard.ocx ActiveX control in Microsoft Visual Studio 6.0. Affected component: PDWizard.ocx (Visual Studio 6.0) with versions 6.0.0.9782 and earlier. Root cause: the PDWizard.ocx ActiveX control exposes dangerous methods (StartProcess, SyncShell, SaveAs, CABDefaultURL...

6.8 CVSS · 7.2 AI score · 0.52054 EPSS
Exploits 6 · References 6 · Affected Software 1

CVE
added 2007/01/10 12:0 a.m. · 48 views

CVE-2007-0161

The CVE-2007-0161 entry concerns the HP PML Driver HPZ12 (HPZipm12.exe) used in HP all‑in‑one drivers. It states that insecure SERVICE_CHANGE_CONFIG DACL permissions on the driver allow a local user to gain privileges and run arbitrary programs by modifying the binpath, a scenario related to CVE-...

4.1 CVSS · 7 AI score · 0.00158 EPSS
Exploits 1 · References 8 · Affected Software 1

Prion
added 2006/04/11 11:2 p.m. · 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the 1...

6.8 CVSS · 6.3 AI score · 0.28321 EPSS
Exploits 1 · References 11 · Affected Software 1

Cvelist
added 2006/02/18 2:0 a.m. · 11 views

CVE-2006-0765

GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...

6.8 AI score · 0.00162 EPSS
Exploits 0 · References 2

securityvulns
added 2005/06/28 12:0 a.m. · 36 views

[SA15827] Adobe Reader / Acrobat Two Vulnerabilities

Are you interested in a new job in IT security? Secunia has two open positions as junior and senior specialist in IT security: http://secunia.com/secuniavacancies/...

0.9 AI score
Exploits 0

Cvelist
added 2005/02/06 5:0 a.m. · 16 views

CVE-2004-1391

Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program...

7 AI score · 0.0026 EPSS
Exploits 1 · References 6

UbuntuCve
added 2005/01/10 5:0 a.m. · 17 views

CVE-2004-1162

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags...

7.5 CVSS · 6.1 AI score · 0.00651 EPSS
Exploits 1 · References 1

Cvelist
added 2005/01/06 5:0 a.m. · 31 views

CVE-2004-1329

Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diagexec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program...

7.1 AI score · 0.00575 EPSS
Exploits 2 · References 8

NVD
added 2004/12/31 5:0 a.m. · 24 views

CVE-2004-1885

Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe...

7.2 CVSS · 7.1 AI score · 0.06673 EPSS
Exploits 1 · References 4

NVD
added 2004/12/31 5:0 a.m. · 13 views

CVE-2004-1391

Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program...

4.6 CVSS · 7 AI score · 0.0026 EPSS
Exploits 1 · References 6

Cvelist
added 2004/12/22 5:0 a.m. · 31 views

CVE-2004-1028

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod...

6.8 AI score · 0.00046 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2004/09/29 12:0 a.m. · 16 views

Debian DSA-036-1 : Midnight Commander - arbitrary program execution

It has been reported that a local user could tweak Midnight Commander of another user into executing an arbitrary program under the user id of the person running Midnight Commander. This behaviour has been fixed by Andrew V. Samoilov. ...

4.6 CVSS · 5.5 AI score · 0.00076 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2004/09/29 12:0 a.m. · 29 views

Debian DSA-377-1 : wu-ftpd - insecure program execution

wu-ftpd, an FTP server, implements a feature whereby multiple files can be fetched in the form of a dynamically constructed archive file, such as a tar archive. The names of the files to be included are passed as command line arguments to tar, without protection against them being interpreted as...

7.5 CVSS · 5.8 AI score · 0.03822 EPSS
Exploits 0 · References 2

CERT
added 2004/05/21 12:0 a.m. · 14 views

Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input

Overview: There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system. Description: Norton AntiVirus 2004 is a...

7.8 AI score
Exploits 0 · References 4

securityvulns
added 2004/01/03 12:0 a.m. · 39 views

IE 5.x-6.0 allows executing arbitrary programs using showHelp()

Title: IE 5.x-6.0 allows executing arbitrary programs using showHelp · Date: Monday, December 29, 2003 · Software: IE 5.x, 6.0 · Vendor: Microsoft Corp. · Patch: N/A · Author: Arman...

7.3 AI score
Exploits 0

NVD
added 2003/10/06 4:0 a.m. · 14 views

CVE-2003-0742

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program...

7.2 CVSS · 7 AI score · 0.00081 EPSS
Exploits 0 · References 1

Cvelist
added 2003/09/19 4:0 a.m. · 16 views

CVE-2003-0742

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program...

7 AI score · 0.00081 EPSS
Exploits 0 · References 1

RedHat Linux
added 2003/06/13 1:39 p.m. · 31 views

Low: Red Hat Security Advisory: lv security update

Updated lv packages that fix the possibility of local privilege escalation are now available. Lv is a powerful file viewer similar to less. It can decode and encode multilingual streams through many coding systems, such as ISO-8859, ISO-2022, EUC, SJIS Big5, HZ, and Unicode. A bug has been found ...

7.2 CVSS · 5.9 AI score · 0.00042 EPSS
Exploits 0 · References 3

NVD
added 2003/05/22 4:0 a.m. · 11 views

CVE-2003-0337

The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes...

4.6 CVSS · 7.1 AI score · 0.00073 EPSS
Exploits 0 · References 1