8215 matches found
Plugins can be used to load privileged content — Mozilla
Plugins such as Flash can be used to load privileged content into a frame. Once loaded, various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's "Fireflashing" example demonstrates that an attacker can open about:config in a frame, hide it with an opaci...
glFTPD FTP server plugin directory traversal
Directory traversal in the plugins sitenfo.sh, sitezipchk.sh, siteziplist.sh...
glFTPd 1.x/2.0 ZIP Plugins - Multiple Directory Traversal Vulnerabilities
glFTPd 1.x/2.0 ZIP Plugins - Multiple Directory Traversal Vulnerabilities source: https://www.securityfocus.com/bid/12586/info It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to...
glFTPd 1.x/2.0 'ZIP' Plugins - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/12586/info It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to determine the existence of files on a computer and also disclose arbitrary...
GAIM information leak
IRC plugins registers user's IP and accoun...
CVE-2003-0142
Adobe Acrobat Reader acroread 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifyin...
CVE-2003-0142
Adobe Acrobat/Reader (acroread) 6 is affected by a plugin-signature bypass vulnerability when the product runs with the default settings allowing untrusted non-certified plug-ins. The issue arises from loading signatures used for older Acrobat versions and manipulating the CTIsCertifiedMode funct...
Mac OS X LDAP plugins transmit user credentials in clear text
Overview: Versions 10.2 and later of Apple's MacOS X operating system include support for the Lightweight Directory Access Protocol (LDAP). A vulnerability in the way some of these versions of MacOS X handle authentication in certain environments could expose users' passwords in plaintext as they're...
Nessus 2.0.x - LibNASL Arbitrary Code Execution
source: https://www.securityfocus.com/bid/7664/info Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox environment and execute arbitrary...
CVE-2000-0965
The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization)...
CVE-2000-0965
The CVE-2000-0965 entry affects HP-UX VVOS 10.24 and 11.04, where the NSAPI plugins for TGA and the Java Servlet proxy are the vulnerable components. The underlying issue is a condition that allows an attacker to cause a denial of service via high CPU utilization. No explicit remediation or patch...
Kuang2 the Virus Detection
Kuang2 the Virus was found. Kuang2 the Virus is a program that infects all the executables on the system and sets up a server that allows remote control of the computer. The client program allows files to be browsed, uploaded, downloaded, hidden, etc. on the infected machine. The client...
Netscape Communicator 4.06/4.5/4.6/4.51/4.61 - EMBED Buffer Overflow
Netscape Communicator 4.06/4.5/4.6/4.51/4.61 - EMBED Buffer Overflow / source: https://www.securityfocus.com/bid/618/info In several versions of Netscape Communicator, there is an unchecked buffer in the code that handles EMBED tags. The buffer is in the 'plugins page' option. This vulnerability can ...
BEA Weblogic Multiple Buffer Overflow Vulnerabilities
Advisory ID Internal CORE-081300 Bugtraq ID: 1570 CVE Name: CVE-2000-0681 Title: BEA Weblogic Multiple Buffer Overflow Vulnerabilities Class: Boundary Error Condition Buffer Overflow Remotely Exploitable: Yes Locally Exploitable: Yes Vulnerability Description: BEA Systems Inc. Weblogic server...