60 matches found
CVE-2013-0377
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer...
Code injection
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors...
Oracle Database Multiple Vulnerabilities (January 2011 CPU)
The remote Oracle database server is missing the January 2011 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Client System Analyzer - Cluster Verify Utility - Database Vault - Oracle Spatial - Scheduler Agent - UIX %NASLMINLEVEL...
CVE-2008-4389
Symantec AppStream 5.2.x and Symantec Workspace Streaming SWS 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via...
Microsoft Security Bulletin MS09-061 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
Microsoft Security Bulletin MS09-061 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution 974378 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves three privately reported...
Internet Explorer Data Stream Handling Memory Corruption (MS08-024; CVE-2008-1085)
Microsoft Internet Explorer IE is a web browser application that supports a wide range of WWW standard protocols and content formats. Besides HTML page and graphic images, various non-HTML content can be downloaded using IE. These contents, however, cannot be processed natively by IE. A set of...
Internet Explorer Clone Object Reference Memory Corruption (MS07-069; CVE-2007-3903)
Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...
Remote code execution
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...
Altiris Deployment Solution Agent < 6.9.355 Local Privilege Escalation (SYM08-019)
The version of the Altiris Deployment Solution Agent installed on the remote host is affected by a local privilege escalation issue. Successful exploitation of this issue could allow an authorized non-privileged user to gain local system access on the client system. C Tenable Network Security, In...
CVE-2008-3879
The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destinati...
Code injection
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 Automated Solutions 1.0 before fix pack 1, exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code on...
CVE-2007-3302
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA formerly Computer Associates eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."...
QuickTime < 7.1.6 Multiple Vulnerabilities
Binary data 3975.prm...
OpenSSH Channel Code Off by 1
You are running a version of OpenSSH which is older than 3.1. SPDX-FileCopyrightText: 2002 Thomas Reinke Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...
Microsoft Internet Explorer 5.0.1 - LoadPicture File Enumeration
source: https://www.securityfocus.com/bid/9611/info Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system. This may be exploited via abuse of the VBScript LoadPicture method. Exploitation of the weakness may assist ...
CVE-2002-0898
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline...
Microsoft Internet Explorer 56 - Self Executing HTML File
Microsoft Internet Explorer 56 - Self Executing HTML File source: https://www.securityfocus.com/bid/6961/info Microsoft Internet Explorer contains a vulnerability that can allow script code within an HTML document to run an embedded executable file. Since the file is an HTML file, Internet Explor...
Microsoft Internet Explorer 5/6 - Self Executing HTML File
source: https://www.securityfocus.com/bid/6961/info Microsoft Internet Explorer contains a vulnerability that can allow script code within an HTML document to run an embedded executable file. Since the file is an HTML file, Internet Explorer will open and parse the file. When the script that poin...
CVE-2002-1851
Buffer overflow in WSFTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors...
CVE-2002-0354
The XMLHttpRequest object XMLHTTP in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property...