CVE-2007-6331

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

Path traversal

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

CVE-2007-6332

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6331

CVE-2007-6331 describes an absolute path traversal in the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center and the HP Quick Launch Button (QLB) software, up to version 6.3. The vulnerability allows remote attackers to execute arbitrary programs by passing a craft...

HP notebooks remote code execution vulnerability (multiple series)

Advisory: ///////// Multiple Hewlett-Packard notebook series are prone to a remote code execution attack. The manufacturer's preinstalled software contains a critical flaw within the software built to support one-touch button quick feature access. Overview: ///////// Software called "HP Info...

KLA10186 Multiple vulnerabilities in HP Quick Launch Button

Multiple serious vulnerabilities have been found in HP Quick Launch Button. Malicious users can exploit these vulnerabilities to read and write arbitrary registry entries or execute arbitrary programs Below is a complete list of vulnerabilities 1. Vectors related to GetRegValue and SetRegValue ca...

Further understanding of USB Key security vulnerabilities-vulnerability warning-the black bar safety net

1, as long as the digital certificate and private key stored in the computer medium, or may be read into memory, and then are unsafe. For example, China merchants Bank, the hard disk version of the digital certificate is unsafe. Because of its private key and the digital certificate has been Troj...

Wordpress plugin myflash <= 1.00 (wppath) RFI Vulnerability

Exploit for unknown platform in category web applications =========================================================== Wordpress plugin myflash = 1.00 wppath RFI Vulnerability =========================================================== --------------------------------- Oyle Kahpe Ki Dunya !...

Hack tricks with QQ skin to do a backdoor invasion-vulnerability warning-the black bar safety net

A few days ago lcx prompted to say and QQ overflow vulnerability, and then suddenly the reminders I used to have a few QQ. vbs file didn't seriously go read it. So into the directory looking for it, this look does not matter Ah, almost weighs that. The original We for QQ of operation is like this...

The cafe's invasion and the cafe boss fight-bug warning-the black bar safety net

We're and the owner of the cafe fight to the end to succeed must know ourselves to win every battle. First let's take a look at the cafe owners now generally under some kind of obstacle to it: The primary 1． Prohibition of“Run”; 2． The prohibition of the use of the menu bar on the right keys; 3．...

SSH Tectia Manager privilege escalation

User can start unprivileged 'sshd', after "Restart" GUI button is pressed application is restarted with root privileges...

msieCrashMouse.txt

Title: Microsoft Internet Explorer - Crash on mouse button click Author: Kil13r - http://www.kil13r.info/ Local / Remote: Both Date of discovery: 2003/12/28 Release date: 2006/05/20 Affected software: Microsoft Internet Explorer Description: There is a bug in Microsoft Internet Explorer, which...

CVE-2004-2659

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears...

CVE-2004-2659

Technical details for CVE-2004-2659 are not publicly provided in the connected documents. The available description notes a user-assisted race condition in Opera's Open dialog, but no confirmed affected versions, fixes, or exploitation vectors are present. Monitor for updates.

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:033)

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. Updated packages are patched to address this...

CVE-2005-4771

Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld PDA device despite a policy setting that sync is unauthorized...

Double-clicking a link can run a program from the Internet – Opera Security Advisories

Double-clicking a link can run a program from the Internet – Opera Security Advisories OPCOM Team | December 19, 2005 Summary If a user double-clicks a Web link leading to a program,that program can be run. The second click may go intothe “Open” button of the file download dialog. Severity:...

CVE-2005-4269

mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service access violation by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly...

CVE-2005-4269

mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service access violation by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly...