286 matches found
CVE-2008-7022
Insecure method vulnerability in ChilkatMailv79.dll in the Chilkat Software IMAP ActiveX control ChilkatMail2.ChilkatMailMan2.1 allows remote attackers to execute arbitrary programs via the LoadXmlEmail method...
Ubuntu: Security Advisory (USN-795-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-795-1] Nagios vulnerability
=========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3 vulnerability CVE-2009-2288 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10...
USN-795-1: Nagios vulnerability
It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server...
CVE-2003-1573
The PointBase 4.6 database component in the J2EE 1.4 reference implementation J2EE/RI allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun...
CVE-2003-1573
The PointBase 4.6 database component in the J2EE 1.4 reference implementation J2EE/RI allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in index.aas in Application Access Server A-A-S 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that 1 execute arbitrary programs via a command job, 2 stop services via a setservice job, or 3...
CVE-2009-1464
Multiple cross-site request forgery CSRF vulnerabilities in index.aas in Application Access Server A-A-S 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that 1 execute arbitrary programs via a command job, 2 stop services via a setservice job, or 3...
CVE-2009-0836
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as...
AutoDesk LiveUpdate ActiveX Control ApplyPatch Method Execution
The version of the LiveUpdate ActiveX control, a component included with AutoCAD-based products and installed on the remote Windows host, reportedly allows execution of arbitrary programs via the second argument to the control's 'ApplyPatch' method. If an attacker can trick a user on the affected...
WoW ActiveX 2.x Multiple RCE Vulnerabilities
WoW ActiveX is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
Multiple insecure method vulnerabilities in the Web On Windows WOW ActiveX control in WOW ActiveX 2 allow remote attackers to 1 create and overwrite arbitrary files via the WriteIniFileString method, 2 execute arbitrary programs via the ShellExecute method, 3 read from the registry via unspecifie...
CVE-2009-0389
Multiple insecure method vulnerabilities in the Web On Windows WOW ActiveX control in WOW ActiveX 2 allow remote attackers to 1 create and overwrite arbitrary files via the WriteIniFileString method, 2 execute arbitrary programs via the ShellExecute method, 3 read from the registry via unspecifie...
CVE-2008-5028
Cross-site request forgery CSRF vulnerability in cmd.cgi in 1 Nagios 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...
CVE-2008-5027
The Nagios process in 1 Nagios before 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an a custom form or a b browser addon...
Authorization
The Nagios process in 1 Nagios before 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an a custom form or a b browser addon...
CVE-2008-5028
Cross-site request forgery CSRF vulnerability in cmd.cgi in 1 Nagios 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...
CVE-2008-5027
The Nagios process in 1 Nagios before 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an a custom form or a b browser addon...
CVE-2008-5028
Cross-site request forgery CSRF vulnerability in cmd.cgi in 1 Nagios 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...
Security feature bypass
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method...