Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input

Overview There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system. Description Norton AntiVirus 2004 is a...

F-Secure BackWeb 6.31 - Local Privilege Escalation

source: https://www.securityfocus.com/bid/10055/info A vulnerability has been reported in F-Secure BackWeb that may permit local attackers to gain system level privileges. The source of this vulnerability is that certain areas within the BackWeb interface permit arbitrary programs to be invoked...

IE 5.x-6.0 allows executing arbitrary programs using showHelp()

IE 5.x-6.0 allows executing arbitrary programs using showHelp =============================================================== Title: IE 5.x-6.0 allows executing arbitrary programs using showHelp Date: Monday, December 29, 2003 Software: IE 5.x, 6.0 Vendor: Microsoft Corp. Patch: N/A Author: Arman...

CVE-2003-0742

SCO Internet Manager mana allows local users to execute arbitrary programs by setting the REMOTEADDR environment variable to cause menu.mana to run as if it were called from ncsahttpd, then modifying the PATH environment variable to point to a malicious "hostname" program...

CVE-2003-0742

SCO Internet Manager mana allows local users to execute arbitrary programs by setting the REMOTEADDR environment variable to cause menu.mana to run as if it were called from ncsahttpd, then modifying the PATH environment variable to point to a malicious "hostname" program...

Low: Red Hat Security Advisory: lv security update

Updated lv packages that fix the possibility of local privilege escalation are now available. Lv is a powerful file viewer similar to less. It can decode and encode multilingual streams through many coding systems, such as ISO-8859, ISO-2022, EUC, SJIS Big5, HZ, and Unicode. A bug has been found ...

CVE-2003-0337

The ckconfig command in lsadmin for Load Sharing Facility LSF 5.1 allows local users to execute arbitrary programs by modifying the LSFENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSFSERVERDIR to point to a malicious lim program, which lsadmin then executes...

Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution

Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using...

Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution

source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using Outlook, a temporary object is created in the Internet Explorer cach...

[SECURITY] [DSA 204-1] New kdlibs packages fix arbitrary program execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 204-1 [email protected] http://www.debian.org/security/ Martin Schulze December 5th, 2002 http://www.debian.org/security/faq -...

[SECURITY] [DSA 158-1] New gaim packages fix arbitrary program execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 158-1 [email protected] http://www.debian.org/security/ Martin Schulze August 27th, 2002 http://www.debian.org/security/faq -...

[SECURITY] [DSA 158-1] New gaim packages fix arbitrary program execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 158-1 [email protected] http://www.debian.org/security/ Martin Schulze August 27th, 2002 http://www.debian.org/security/faq -...

CVE-2002-0767

simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges...

CVE-2002-0532

EMU Webmail allows local users to execute arbitrary programs via a .. dot dot in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters...

CVE-2001-0942

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLEHOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLEHOME to an alternate directory that contains a malicious version of dbsnmp...

HP Openview NNM6.1 ovactiond bin exploit

Hello, Summery: HP Openview NNM6.1 and earlier running on unix have a problem with the suid bin executable ovactiond. It allows for starting of any program by just sending a trap or event to the station running the daemon. Details: in the trapd.conf the following is defined by default NNM6.1: EVE...

guninski31.txt

Georgi Guninski security advisory 31, 2001 Windows Media Player 7 and IE vulnerability - executing arbitrary programs Systems affected: Windows Media Player 7 and IE Risk: High Date: 1 January 2001 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may distribute it unmo dified...

Windows Media Player 7 and IE vulnerability - executing arbitrary programs

Georgi Guninski security advisory 31, 2001 Windows Media Player 7 and IE vulnerability - executing arbitrary programs Systems affected: Windows Media Player 7 and IE Risk: High Date: 1 January 2001 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may distribute it unmodified...

Microsoft Windows Media Player 7.0 - JavaScript URL

Microsoft Windows Media Player 7.0 - JavaScript URL source: https://www.securityfocus.com/bid/2167/info Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from...

OBJECT TYPE="text/html" may allow executing arbitrary programs in IE 5.5

Georgi Guninski security advisory 29, 2000 OBJECT TYPE="text/html" may allow executing arbitrary programs in IE 5.5 Systems affected: IE 5.5 probably 5.x and Outlook/Outlook Express, have not tested Risk: High Date: 23 November 2000 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski...