630 matches found
Command-line handling on Linux allows shell execution — Mozilla
URLs passed to Linux versions of Firefox and Thunderbird on the command line were not correctly protected against interpretation by the shell. As a result, a malicious URL can result in the execution of shell commands with the privileges of the user. If Firefox is set as the default handler for we...
CVE-2004-2442
Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antiviru...
CVE-2004-2442
CVE-2004-2442 covers a multiple interpretation error in several F-Secure Anti-Virus products (including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, and Anti-Virus for Linux/Gateways 4.61 and earlier). The issue allows remote attackers to bypass an...
Multiple web browsers do not properly interpret BASE and FORM elements when displaying URLs in the status bar
Overview: Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description: Web browsers frequently display the Uniform Resource Locator (URL) in the status bar wh...
AOL Instant Messenger ASCII-Symbol Interpretation Denial of Service
SeaMonkey < 1.1.10 Multiple Vulnerabilities
Microsoft Internet Explorer 5.0.1 - Wildcard DNS Cross-Site Scripting
Source: https://www.securityfocus.com/bid/10554/info Microsoft Internet Explorer is reported to contain a cross-site scripting vulnerability for sites that have a wildcard DNS entry. A web server with a wildcard DNS entry will...
Important: Red Hat Security Advisory: ghostscript security update
Updated packages are available for GNU Ghostscript, which fix a vulnerability found during PostScript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary...
Important: Red Hat Security Advisory: Ghostscript command execution vulnerability
Updated packages are available for GNU Ghostscript which fix a vulnerability found during PostScript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary comman...
Hole in Oracle WebDB
part of the URL is interpreted as an SQL query. In addition, administrative access without a password is set up by default...