286 matches found
Easewe FTP OCX ActiveX Control 4.5.0.9 - EaseWeFtp.ocx Multiple Insecure Method Vulnerabilities
Source: https://www.securityfocus.com/bid/48393/info. Easewe FTP OCX ActiveX control is prone to multiple insecure-method vulnerabilities. Attackers can exploit these issues to perform unauthorized...
Directory traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397...
CVE-2011-1566
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397...
CVE-2011-0922
Summary: CVE-2011-0922 affects HP Data Protector Client. A vulnerability in processing the EXEC_SETUP (and related EXEC_CMD/INSTALL/EXEC_SETUP) messages allows a remote attacker to force the client to load and execute arbitrary programs from a remote SMB share, enabling remote code execution. The...
CVE-2011-0639
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the...
Default configuration
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...
Null pointer dereference
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that...
CVE-2011-0640
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...
CVE-2010-1517
The CVE concerns the GIGABYTE Dldrv2 ActiveX control version 1.4.206.11. The vulnerability allows remote attackers to download arbitrary programs onto a client system and execute them via the dl method, and also via SetDLInfo with the Bdl method. The affected component is the Dldrv2 ActiveX contr...
CVE-2010-1908
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in th...
Spoofing
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary...
CVE-2010-0189
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary...
CVE-2009-4261
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2)...
HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download
An arbitrary file download vulnerability exists in an HP LoadRunner ActiveX control. The vulnerability is due to a design flaw in a certain method. The method can be leveraged by attackers to execute arbitrary programs on the vulnerable host...
Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution (CVE-2004-0630)
Portable Document Format (PDF) is a file format for documents based on the PostScript description language. One of the products that is widely used to read PDF files is Adobe Acrobat Reader. This product is available on different platforms, including many versions of UNIX and Linux. There is a...
Memory corruption
A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory...
CVE-2009-2507
A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory...
Symantec Altiris Deployment Solution ActiveX File Download (CVE-2009-3028)
The Symantec Altiris Deployment Solution software provides tools to deploy and configure software across hardware platforms and operating systems. A remote program execution vulnerability exists in Symantec Altiris Deployment Solution. The vulnerability is caused due to the Altiris.AeXNSPkgDL.1...
CVE-2008-7022
Insecure method vulnerability in ChilkatMailv79.dll in the Chilkat Software IMAP ActiveX control ChilkatMail2.ChilkatMailMan2.1 allows remote attackers to execute arbitrary programs via the LoadXmlEmail method...