4202 matches found
Sun Java Virtual Machine 1.x - Font.createFont Method Insecure Temporary File Creation
source: https://www.securityfocus.com/bid/10685/info Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Uni...
Mozilla Network Neighbourhood code execution
By using a shell:NETHOOD URL it's possible to execute a file from any Network Neighbourhood host...
Mozilla Browsers shell: URI Arbitrary Command Execution
The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software contains a weakness that could allow an attacker to execute arbitrary commands on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(12642);...
CVE-2004-0431
Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow...
PHPX 3.x - news.php Cross-Site Request Forgery Arbitrary Command Execution
source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly...
CVE-2004-1993
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password...
Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload Execution
source: https://www.securityfocus.com/bid/10174/info Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows...
CVE-2004-1876
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon clamd before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name...
Load Sharing Facility multiple bugs
Code execution, DoS...
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
The remote host is running LeifWright's blog.cgi - a CGI designed to handle personal web logs or 'blogs'. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. #%NASL_MIN_LEVEL 70300 (C) Tenable Network...
tcpdump contains vulnerability in ISAKMP decoding function rawprint() in print-isakmp.c
Overview: tcpdump contains a vulnerability in the way it parses Internet Security Association and Key Management Protocol (ISAKMP) packets. Description: tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way the tcpdump rawprint() function...
CVE-2003-1509
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the defaul...
Remote Code Execution in Knowledge Builder.
Remote Code Execution in Knowledge Builder. "Knowledge Builder" from www.activecampaign.com allows to execute code. Example: Create the following file on your webserver: ----index.php---- ? system$cmd; ? ----------------- And then type in the following URL:...
FVWM 2.42.5 - fvwm-menu-Directory Command Execution
source: https://www.securityfocus.com/bid/9161/info It has been reported that FVWM may be prone to a command execution vulnerability that may allow an attacker to execute malicious commands on a vulnerable system. It has been reported that the...
Microsoft Outlook Express 6.0 - .MHTML Forced File Execution (1)
source: https://www.securityfocus.com/bid/9105/info A vulnerability has been discovered in Microsoft Outlook Express when handling MHTML file and res URIs that could lead to an unexpected file being downloaded and executed. The proble...
Microsoft Outlook Express 6.0 - MHTML Forced File Execution (2)
source: https://www.securityfocus.com/bid/9105/info A vulnerability has been discovered in Microsoft Outlook Express when handling MHTML file and res URIs that could lead to an unexpected file being downloaded and executed. The problem...
[SECURITY] [DSA-377-1] New wu-ftpd packages fix insecure program execution
Debian Security Advisory DSA 377-1 http://www.debian.org/security/ Matt Zimmerman September 4th, 2003 http://www.debian.org/security/faq...
CVE-2003-0350
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback...
CVE-2003-0491
The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file...
[CLA-2003:665] Conectiva Security Announcement - kopete
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : kopete SUMMARY : Remote command execution...