286 matches found
CVE-2013-0895
Removed by vendor...
SuSE 11.2 Security Update : dbus-1 (SAT Patch Number 6733)
This update fixes a vulnerability in the DBUS auto-launching feature that allowed local users to execute arbitrary programs as root. CVE-2012-3524 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Code injection
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site...
CVE-2012-6460
CVE-2012-6460 affects Opera browser versions before 11.67 and 12.x before 12.02, where a crafted web site can truncate a dialog and potentially trigger downloading and execution of arbitrary programs. Connected sources confirm this is a browser-level vulnerability with remote code execution impli...
Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test: Mozilla Firefox Multiple Vulnerabilities - November12 (Windows). Authors: Rachana Shetty. Copyright: Copyright...
Authentication flaw
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243...
CVE-2012-2244
CVE-2012-2244 affects Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4. The issue allows remote arbitrary code execution by an authenticated admin via manipulating the path to clamav; note it can be exploited without authentication through CVE-2012-2243. Impact per the sources is remote code exec...
CVE-2012-4203
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark...
Slackware: Security Advisory (SSA:2004-140-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-4177
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbitexepath command line argument...
CVE-2011-4786
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787...
CVE-2011-4837
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs...
Code injection
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message...
CVE-2011-3185
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message...
Code injection
The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 allows remote attackers to execute arbitrary programs via a UNC share pathname in the MPlayerPath parameter...
CVE-2011-2590
CVE-2011-2590 affects UUSee UUPlayer ActiveX Control 6.0.0.1 (UUSee 2010 6.11.0609.2). The Play() method allows remote code execution by passing a UNC path in the MPlayerPath parameter, enabling application-context execution. OpenVAS entries also describe multiple remote code execution vulnerabil...
Authentication flaw
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651...
Easewe FTP OCX ActiveX Control 4.5.0.9 - 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities
source: https://www.securityfocus.com/bid/48393/info Easewe FTP OCX ActiveX control is prone to multiple insecure-method vulnerabilities. Attackers can exploit these issues to perform unauthorized actions or execute arbitrary programs. Successful exploits may result in compromise of affected...