6679 matches found
CVE-2009-5008
Cisco Secure Desktop (CSD) together with an AnyConnect SSL VPN server is affected by CVE-2009-5008, where the component does not perform verification correctly, enabling local users to bypass policy restrictions via a modified executable file. Reports across multiple sources (NVD/Red Hat/CVE entr...
JVN#88850043: Lhasa may insecurely load executable files
Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables (.exe) when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables. Impact: An attacker may execute arbitrary code with the privilege of running...
Lyris ListManager - MSDE Weak sa Password (Metasploit)
$Id: lyrislistmanagerweakpass.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Adobe Cautions Users About Installing Unofficial Reader Patch
Adobe is cautioning its users about installing an unofficial patch for the Reader CoolType.dll bug that was released on Wednesday, saying that although the patch appears to prevent the crash in Reader, installing it could have some unintended consequences. The Reader bug, which was disclosed...
Executables, Other Files Can Be Used in Attacks Similar to DLL-Hijacking
There are a number of other file types that can be used in the same kind of attacks that have been used in the DLL-hijacking exploit in recent weeks. Experts say that executable files, Windows INI files and some other file types can be used in these same attacks. The attack scenario would be...
New Email Worm Turns Back the Clock on Virus Attacks
There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending malicious emails to all of the names in a user’s email address book. As of Friday afternoon, the malicious files had been deleted from the remote server in the UK that was servi...
Mandriva Update for libgdiplus MDVSA-2010:166 (libgdiplus)
Check for the Version of libgdiplus. OpenVAS Vulnerability Test: Mandriva Update for libgdiplus MDVSA-2010:166 (libgdiplus). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Microsoft-Word-Record
Microsoft Word is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. This update adds support for Office 2003 SP0. import...
Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions
Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions // source: https://www.securityfocus.com/bid/42737/info Bloodshed Dev-C++ is prone to a vulnerability that lets attackers execute arbitrary code. This issue affects 'make.exe' and 'minw32-make.exe'. An attacker can exploit...
Shadowserver Starts Free Binary-Checking Service
A non-profit group that tracks malicious activity online has just started a new free service that enables users to check executable files against a database of known good applications and to help determine whether a given file is malicious. The service, offered by the Shadowserver Foundation, is ...
Secunia Research: Opera "Download" Dialog File Execution Security Issue
Secunia Research 12/08/2010 - Opera "Download" Dialog File Execution Security Issue - Table of Contents Affected...
Windows Shell LNK file CONTROL item command execution
Added: 07/22/2010 CVE: CVE-2010-2568 BID: 41732 OSVDB: 66387 Background Microsoft Windows supports LNK files, also known as shortcuts, which are references to other files. Shortcuts can be placed in a location which is convenient for users such as the Desktop or Start menu, from which they can be...
Microsoft Outlook AttachMethods Remote Code Execution (MS10-045; CVE-2010-0266)
Microsoft Outlook is an e-mail application and a personal information manager. A remote code execution vulnerability has been reported in the way that Microsoft Office Outlook tries to verify attachments in a specially crafted e-mail message. The vulnerability is due to an error in Microsoft Offi...
Double-clicking a link can unexpectedly run a program from the Internet – Opera Security Advisories
Double-clicking a link can unexpectedly run a program from the Internet – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Moderately severe Description When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to...
Software Index a remote file upload vulnerability-vulnerability warning-the black bar safety net
Upload file filter is not strict, resulting in remote file upload executable code vulnerabilities. Bulk Google Dork : Copyright 2 0 1 0. Software Index Exp: the html head TitleSelect Image File for uploading/Title script language="JavaScript" function checkFile if form1. userfile. value == ""...
CVE-2010-2336
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...
Code injection
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...
CVE-2008-4389
Symantec AppStream 5.2.x and Symantec Workspace Streaming SWS 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via...