CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE i...

DEBIAN-CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE i...

CVE-2008-4865

CVE-2008-4865 concerns Valgrind prior to version 3.4.0. The vulnerability is an untrusted search path issue: a Trojan horse named ".valgrindrc" in the current working directory can be read by Valgrind, allowing a local user to influence execution (e.g., via a malicious --db-command). The availabl...

CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE i...

CVE-2008-4699

Insecure method vulnerability in the ActiveX control PAWWeb11.ocx in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method...

CVE-2008-3466

Microsoft Host Integration Server HIS 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS...

CVE-2008-3466

Microsoft Host Integration Server HIS 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS...

CVE-2008-4385

Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in 1 a certain ActiveX control sysreqlab2.cab, sysreqlab.dll,...

CVE-2008-4385

Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in 1 a certain ActiveX control sysreqlab2.cab, sysreqlab.dll,...

CVE-2008-4472

The CVE-2008-4472 issue is in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56) used by Autodesk products (e.g., Revit Architecture 2009 SP2, Autodesk Design Review 2009). The ApplyPatch method accepts a second argument and can cause arbitrary code execution on a remote Windows host when ...

CVE-2008-4472

The UpdateEngine class in the LiveUpdate ActiveX control LiveUpdate16.DLL 17.2.56, as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method...

Design/Logic Flaw

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs...

FreeBSD Ports: frontpage -- cross site scripting vulnerability

The remote host is missing an update to the system as announced in the referenced advisory. VID c0171f59-ea8a-11da-be02-000c6ec775d9 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

CVE-2008-0953

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953...

Design/Logic Flaw

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953...

CVE-2008-0953

The HP Instant Support HPISDataManager.dll ActiveX control (HPISDataManager, used by HP Online Support Services) contains multiple insecure methods (StartApp, DownloadFile, MoveFile, GetFileTime, ExtractCab, AppendStringToFile, RegistryString) that can be exploited by remote, unauthenticated atta...

Debian Security Advisory DSA 203-1 (smb2www)

The remote host is missing an update to smb2www announced via advisory DSA 203-1. OpenVAS Vulnerability Test $Id: deb2031.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 203-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Directory traversal

Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 aka CWebLaunchCtl ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ dot dot backslash in the second argument to the DoWebLaunch method. NOTE: some of these...

CVE-2007-6331

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

Path traversal

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...