286 matches found
Code injection
CVE-2007-6033
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions Everyone/Full Control, which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs...
CVE-2007-5689
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.120 and 1.4.x through 1.4.215, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via...
CVE-2002-2352
CVE-2002-2352: The NBActiveX.ocx ActiveX control in NeoBook 4 is vulnerable to remote attackers who can install and execute arbitrary programs. NVD CVSSv2 base score 5.8 (MEDIUM) with network vector, no authentication. Exploit status and affected versions/root cause are not detailed in the provi...
CVE-2003-1378
Technical details for CVE-2003-1378 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins for affected products and fixes.
CVE-2007-3896
Design/Logic Flaw
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...
Code injection
inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call...
CVE-2007-5224
The CVE-2007-5224 entry affects Original Photo Gallery 0.11.2 and earlier. Affected file: inc/exif.inc.php; the exif_prog parameter is used inside an exec() call without proper sanitization, allowing remote attackers to execute arbitrary commands on the server. This is described in multiple sourc...
CVE-2007-4891
Code injection
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as...
CVE-2007-3679
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client syste...
Code injection
CVE-2007-1587
templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter...
Design/Logic Flaw
CVE-2007-0161
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to...
CVE-2006-2511
The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog...