11 matches found
CVE-2022-41924 Tailscale Windows daemon is vulnerable to RCE via CSRF
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows...
IBM ACPRunner 1.2.5 - ActiveX Control Dangerous Method
source: https://www.securityfocus.com/bid/10561/info It is reported that the IBM acpRunner ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a malicious website and may result i...
CVE-2004-0503
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...
IBM EGatherer 2.0 - ActiveX Control Dangerous Method
source: https://www.securityfocus.com/bid/10562/info It is reported that the IBM eGatherer ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a malicious website and may result i...
Restricted Zone: the OUTLOOK EXPRESS
Tuesday, 20 May, 2003 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. This can be achieved with the default setting of Outlook Express: RESTRICTED ZONE. Technically the following never worked, cannot work,...
SILLY BEHAVIOR Part III : Internet Explorer 5.5 - 6.0
Sunday, May 4, 2003 Silent delivery and installation of an executable on the target machine, default install of win98 and Internet Explorer with all patches to date. No client input other than viewing a web page: Mildly amused by the recent patching of the codebase saga spanning nearly 3 years no...
SAME LADY, DIFFERENT DRESS: Internet Explorer 6
Monday, August 12, 2002 Yet another silent delivery and installation of an executable on the target computer using Internet Explorer 6. This can be achieved by reversing the following: http://online.securityfocus.com/bid/5350 And: HTM. In order to achieve the required results as outlined in the...
HELP.dropper: IE6, OE6, Outlook...lookOut
Thursday, 28 March, 2002 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post or web site. This can be accomplished with the default installation of Internet Explorer 6.0, Outlook Express 6.0 and probably Outlook and...
feeble.you!dora.exploit
Sunday, March 18, 2001 Silent delivery and installation of an executable on a target computer. No client input other than opening an email using Eudora 5.02 - Sponsored Mode provided 'use Microsoft viewer' and 'allow executables in HTML content' are enabled. One wonders why they are there in the...
MICROSOFT SECURITY FLAW?
Saturday, May 13, 2000 MICROSOFT SECURITY FLAW? Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. 1. Using the following this can be accomplished with the default installation of Windows 95 and 98 and Internet...
silent.delivery.txt
Saturday, May 13, 2000 MICROSOFT SECURITY FLAW? Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. 1. Using the following this can be accomplished with the default installation of Windows 95 and 98 and Internet...