PT-2007-1420 · Utimaco · Utimaco Safeguard
Name of the Vulnerable Software and Affected Versions: Utimaco Safeguard (affected versions not specified). Description: The centralized management feature of Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files. This allows attackers to...
Vulnerability in Opera's use of kfmclient
The kfmclient is a part of the KDE desktop environment. It inspects the file given to it to determine its MIME type, and performs the action assigned to that MIME type in KDE's configuration. If the file type is an executable, kfmclient may execute it. Opera will not save downloaded files with the...
Data URLs with executables and misleading download dialog
The data URL scheme allows authors to embed binary files, instead of using links to external files. Data URLs containing file types that Opera can display are rendered inline; other file types will be handled by Opera's download dialog. A bug in Opera's file download handling causes the download dialo...
Mandrake Linux Security Advisory : clamav (MDKSA-2006:138)
Damian Put discovered a boundary error in the UPX extraction module in ClamAV which is used to unpack PE Windows executables. This could be abused to cause a Denial of Service issue and potentially allow for the execution of arbitrary code with the permissions of the user running clamscan or clam...
WebEx Downloader Plug-in Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the WebEx Downloader Plug-in. Successful exploitation requires that the target user browse to a malicious web page. The specific flaws exist due to the lack of input validation on various ActiveX/Java...
CentOS 3 / 4 : ethereal (CESA-2005:687)
Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ethereal package is a program for monitoring network traffic. A number of security flaws have been...
mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports multiple issues, several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-29 Spoofing with translucent windows MFSA 2006-28 Security check of jsValueToFunctionObject can be circumvented MFSA...
Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit
Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ Advisory Name: Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit Release Date: 16. December 2005 Vulnerable: Microsoft® Internet Information Server® V5.1 Not vulnerable: Microsoft®...
GLSA-200509-13 : Clam AntiVirus: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200509-13 Clam AntiVirus: Multiple vulnerabilities Clam AntiVirus is vulnerable to a buffer overflow in 'libclamav/upx.c' when processing malformed UPX-packed executables. It can also be sent into an infinite loop in...
SUSE-SA:2005:055: clamav
The remote host is missing the patch for the advisory SUSE-SA:2005:055 clamav. This update upgrades clamav to version 0.87. It fixes vulnerabilities in handling of UPX and FSG compressed executables, which could lead to a remote attacker executing code within the daemon using clamav. These are...
Clam AntiVirus contains a buffer overflow vulnerability
Overview: A buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code. Description: Clam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV libclamav/upx.c may allow a buff...
[ GLSA 200509-13 ] Clam AntiVirus: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200509-13 http://security.gentoo.org/ Severity:...
ethereal security update
CentOS Errata and Security Advisory CESA-2005:687 Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ethereal package is a program for monitoring network...
DSA-743-1 ht - buffer overflows, integer overflows
Bulletin has no description...
BlueSoleil 1.4 - Object Push Service BlueTooth Arbitrary File Upload Directory Traversal
BlueSoleil 1.4 - Object Push Service BlueTooth Arbitrary File Upload Directory Traversal source: https://www.securityfocus.com/bid/12961/info BlueSoleil is prone to directory traversal attacks during Bluetooth file uploads. The issue exists in the Object Push Service. This vulnerability may allow...
Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun
Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun source: https://www.securityfocus.com/bid/10915/info It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from...
ICQ Lite weak permissions
During installation Interactive Users: Full Control permission is added to executables directory...
ChiTeX/ChiLaTeX unsafe set-user-id root
Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system(3) without setting up the environment, trivially allowing local root compromise...
Windows NT/2000/XP 16 bit executables protection bypass
16 bit application may be launched from another 16 bit application without having execution right...
CVE-2002-0077
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable...