ZDI-10-140: Novell iPrint Client Browser Plugin operation Parameter Remote Code Execution Vulnerability

ZDI-10-140: Novell iPrint Client Browser Plugin operation Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-140 August 5, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPointTM I...

ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution

ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-10-139 August 5, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPointTM IPS Customer...

TPTI-10-06: Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution Vulnerability

TPTI-10-06: Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-06 August 4, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

TPTI-10-05: Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability

TPTI-10-05: Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-05 August 4, 2010 -- CVSS: 7.8, AV:N/AC:L/Au:N/C:N/I:N/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPointTM IPS Customer Protection:...

Novell iPrint Client Browser Plugin operation Parameter Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handling plugin parameters. The application...

JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)

HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...

JAVA Web Start - Arbitrary Command-Line Injection

JAVA Web Start - Arbitrary Command-Line Injection Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Star...

JAVA Web Start - Arbitrary Command-Line Injection

Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...

Worldweaver DX Studio Player shell.execute() Command Execution

This module exploits a command execution vulnerability within the DX Studio Player from Worldweaver for versions 3.0.29 and earlier. The player is a browser plugin for IE ActiveX and Firefox dll. When an unsuspecting user visits a web page referring to a specially crafted .dxstudio document, an...

Adobe Acrobat and Adobe Reader Plugin Object Reloading Memory Corruption (CVE-2009-2983)

Adobe develops products for creating, distributing, and viewing Portable Document Format PDF documents. Adobe Reader is a viewer application that allows for reading and the printing of PDF documents. Adobe Acrobat provides PDF authoring functionality in addition to those of viewing. In addition t...

Adobe Error Leaves Flash Flaw Unpatched for 16 Months

Adobe has acknowledged that an internal screw-up caused a potentially dangerous Flash Player flaw to remain unpatched for more than 16 months after it was first reported by an external security researcher. “It slipped through the cracks,” said Emmy Huang, a product manager for Flash Player. Adobe...

Winds3D Viewer GetURL()函数远程代码执行漏洞

BUGTRAQ ID: 35595 CVECAN ID: CVE-2009-2386 Awakening是一个功能强大的实时3D解决方案，Winds3D Viewer是Awakening的浏览器插件。 Winds3D Viewer以不安全的方式实现了GetURL函数： /----------- GetURLstring URL Description: Open browser to visit assigned URL returns: None - -----------/ 调用GetURL最终会执行相当于“ShellExecuteNULL, "open", URL, 0, 0,...

[Full-disclosure] CORE-2009-0519 - Awingsoft Awakening Winds3D Viewer remote command execution vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Awingsoft Awakening Winds3D Viewer remote command execution vulnerability 1. Advisory Information Title: Awingsoft Awakening Winds3D Viewer remote command execution...

Winds3D Viewer 3 - GetURL() Arbitrary File Download

Winds3D Viewer 3 - GetURL Arbitrary File Download source: https://www.securityfocus.com/bid/35595/info Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin. Successfully exploiting th...

Winds3D Viewer 3 - 'GetURL()' Arbitrary File Download

source: https://www.securityfocus.com/bid/35595/info Winds3D Viewer is prone to a vulnerability that can allow malicious files to be downloaded an executed within the context of the affected browser that uses the plugin. Successfully exploiting this issue will allow attackers to compromise the...

Solaris Update for Adobe Acrobat Reader browser-plugin 121136-02

Check for the Version of Adobe Acrobat Reader browser-plugin OpenVAS Vulnerability Test Solaris Update for Adobe Acrobat Reader browser-plugin 121136-02 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

Solaris Update for Adobe Acrobat Reader browser-plugin 121136-02

Check for the Version of Adobe Acrobat Reader browser-plugin OpenVAS Vulnerability Test Solaris Update for Adobe Acrobat Reader browser-plugin 121136-02 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

Mandriva Update for totem MDKA-2007:053 (totem)

Check for the Version of totem OpenVAS Vulnerability Test Mandriva Update for totem MDKA-2007:053 totem Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

LPViewer ActiveX Control url property buffer overflow

Added: 11/21/2008 CVE: CVE-2008-4384 BID: 31604 OSVDB: 48946 Background The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software. Problem A buffer overflow vulnerability allows command execution when a user opens a w...