7334 matches found
CVE-2005-4154
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded...
CVE-2005-4154
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded...
CVE-2005-4154
CVE-2005-4154 affects PEAR installer 1.4.2 and earlier. The vulnerability is described as unspecified and allows user-assisted attackers to execute arbitrary code via a crafted package that can run code when the pear command is executed or when the Web/Gtk frontend is loaded. Connected sources co...
CVE-2005-4021
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2005-4021
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2005-4021
CVE-2005-4021 affects Gallery 2.0 before 2.0.2. The install log is stored under the web document root with insufficient access control, enabling a remote attacker to retrieve sensitive information via a simple GET request. Nessus plugin NASL-21019 corroborates that the installation data directory...
CVE-2004-2635
The CVE-2004-2635 entry concerns an ActiveX control for McAfee Security Installer Control System 4.0.0.81. The vulnerability allows remote attackers to access the Windows registry via web pages that call the control’s RegQueryValue() method. Affected component: ActiveX control; root cause: regist...
CVE-2005-3761
Cross-site scripting XSS vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via 1 Javascript in forms produced by the form generator or 2 the parameters to the installer...
CVE-2005-3761
Cross-site scripting XSS vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via 1 Javascript in forms produced by the form generator or 2 the parameters to the installer...
pear-PEAR -- PEAR installer arbitrary code execution vulnerability
Gregory Beaver reports: A standard feature of the PEAR installer implemented in all versions of PEAR can lead to the execution of arbitrary PHP code upon running the "pear" command or loading the Web/Gtk frontend. To be vulnerable, a user must explicitly install a publicly released malicious...
USN-157-1: Mozilla Thunderbird vulnerabilities
Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. CAN-2005-0989 Georgi Guninski discovered that the types of certain XPInstal...
USN-155-1: Mozilla vulnerabilities
Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 It was discovered that a malicious website could...
security flaw
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real...
CVE-2004-2635
An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue method...
AppServ 2.5.x and Prior Exploit
what AppServ ========== AppServ is the Apache/PHP/MySQL open source software installer packages. Objective : - Easy to buid Webserver and Database Server - For those who just beginning client/server programming. - For web programmers/developers using PHP & MySQL. - For programming techniques that...
CVE-2004-0906
CVE-2004-0906 is supported by multiple feeds: Mozilla’s XPInstall installer in Firefox (pre-Preview Release), Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure file permissions for files inside XPI packages. This can let a local user overwrite arbitrary files or execute code. Connect...
Mozilla Linux installer does not properly set file permissions
Overview Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions. Description Some versions of Mozilla's Linux installer may create installation and program files with...
QNX Photon pkg-installer - '-s' Overflow
source: https://www.securityfocus.com/bid/11164/info Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string lengths before copying them into finit...
Two Invision Power Board 1.1.x vulns
Hola, Invision Power Services have continued to show their amazing support and understanding for the security community by release two patches for their 'Invision Power Board' product now one of the most widely used 'Board' programs around. Without sending out any security mailing list...
CVE-2002-0622
The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...