344 matches found

Saint
added 2009/01/30 12:0 a.m. · 27 views

Microsoft Office OCX ActiveX controls OpenWebFile program execution

Added: 01/30/2009. BID: 33243. Background: Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem: A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...

7.5 AI score
Exploits: 0

Saint
added 2009/01/30 12:0 a.m. · 8 views

Microsoft Office OCX ActiveX controls OpenWebFile program execution

Added: 01/30/2009. BID: 33243. Background: Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem: A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...

7.5 AI score
Exploits: 0

myhack58
added 2008/11/30 12:0 a.m. · 12 views

php and asp use the Shell. Application to program execution-vulnerability warning-the black bar safety net

On the use of the Shell. Application to execute the program in Hai Duong to the top of the asp Trojan is with an example. With ShellExecute this method. Today tried it with the open also can. the php code is as follows, I feel like I haven't in the php webshell to see Related methods ? php $wsh =...

0.6 AI score
Exploits: 0

Prion
added 2008/11/01 12:0 a.m. · 10 views

Design/Logic Flaw

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE i...

7.2 CVSS · 6.9 AI score · 0.00145 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

Cvelist
added 2008/10/22 9:0 p.m. · 12 views

CVE-2008-4699

Insecure method vulnerability in the ActiveX control PAWWeb11.ocx in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method...

7.4 AI score · 0.3924 EPSS
Exploits: 1 · References: 7

myhack58
added 2008/03/26 12:0 a.m. · 13 views

Image hijacking application-vulnerability warning-the black bar safety net

Usually wesince the start of the is mostly by the registry startup items, folders, startup items, services start, etc., however there is a people do not common since the start of the method, he is different from the file Association start, he was able to hijack a specific program, it explained fr...

1.1 AI score
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m. · 19 views

Debian Security Advisory DSA 639-1 (mc)

The remote host is missing an update to mc announced via advisory DSA 639-1. OpenVAS Vulnerability Test $Id: deb6391.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 639-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.5 CVSS · 0.9 AI score · 0.02206 EPSS
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m. · 23 views

Debian: Security Advisory (DSA-639-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 6.7 AI score · 0.02206 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2007/11/20 12:0 a.m. · 2 views

PT-2007-6950 · Invensys · Invensys Wonderware Intouch

Name of the Vulnerable Software and Affected Versions: Invensys Wonderware InTouch version 8.0 Description: The issue allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs due to insecure permissions set on a NetDDE share. Recommendations: For Invensys...

9 CVSS · 8.8 AI score · 0.03193 EPSS
Exploits: 0 · References: 7

CVE
added 2007/09/14 1:0 a.m. · 49 views

CVE-2007-4891

CVE-2007-4891 concerns the PDWizard.ocx ActiveX control in Microsoft Visual Studio 6.0. Affected component: PDWizard.ocx (Visual Studio 6.0) with versions 6.0.0.9782 and earlier. Root cause: the PDWizard.ocx ActiveX control exposes dangerous methods (StartProcess, SyncShell, SaveAs, CABDefaultURL...

6.8 CVSS · 7.2 AI score · 0.52054 EPSS
Exploits: 6 · References: 6 · Affected Software: 1

Ubuntu
added 2007/08/01 2:12 a.m. · 55 views

USN-493-1: Firefox vulnerabilities

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data such as passwords, of other web pages. CVE-2007-3844 Jesper Johansson discovered that spaces and double-quotes were not correctly...

9.3 CVSS · 8.3 AI score · 0.44107 EPSS
Exploits: 3

Metasploit
added 2007/07/29 2:38 p.m. · 17 views

Ipswitch IMail IMAP SEARCH Buffer Overflow

This module exploits a stack buffer overflow in Ipswitch IMail Server 2006.1 IMAP SEARCH verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. In order for this module to be successful, the IMAP user must have at least one message. This module...

6.5 CVSS · 7.5 AI score · 0.90365 EPSS
Exploits: 7

CVE
added 2007/01/10 12:0 a.m. · 47 views

CVE-2007-0161

The CVE-2007-0161 entry concerns the HP PML Driver HPZ12 (HPZipm12.exe) used in HP all‑in‑one drivers. It states that insecure SERVICE_CHANGE_CONFIG DACL permissions on the driver allow a local user to gain privileges and run arbitrary programs by modifying the binpath, a scenario related to CVE-...

4.1 CVSS · 7 AI score · 0.00158 EPSS
Exploits: 1 · References: 8 · Affected Software: 1

Metasploit
added 2007/01/01 2:13 p.m. · 21 views

Novell NetMail IMAP SUBSCRIBE Buffer Overflow

This module exploits a stack buffer overflow in Novell's NetMail 3.52 IMAP SUBSCRIBE verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. This module requires Metasploit: https://metasploit.com/download Current source:...

6.5 CVSS · 7.4 AI score · 0.58696 EPSS
Exploits: 4

Metasploit
added 2007/01/01 2:12 p.m. · 23 views

Novell NetMail IMAP STATUS Buffer Overflow

This module exploits a stack buffer overflow in Novell's NetMail 3.52 IMAP STATUS verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5 CVSS · 7.4 AI score · 0.84888 EPSS
Exploits: 7

Tenable Nessus
added 2006/10/14 12:0 a.m. · 23 views

Debian DSA-949-1 : crawl - insecure program execution

Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group...

7.2 CVSS · 5.4 AI score · 0.00111 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. · 22 views

Debian DSA-1021-1 : netpbm-free - insecure program execution

Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files...

7.5 CVSS · 5.6 AI score · 0.02055 EPSS
Exploits: 0 · References: 3

securityvulns
added 2006/08/25 12:0 a.m. · 30 views

[SA21620] AIX mkvg Insecure Program Execution Vulnerability

TITLE: AIX mkvg Insecure Program Execution Vulnerability SECUNIA ADVISORY ID: SA21620 VERIFY ADVISORY: http://secunia.com/advisories/21620/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: AIX 5.x http://secunia.com/product/213/ DESCRIPTION: A security...

1 AI score
Exploits: 0

Prion
added 2006/04/11 11:2 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in vtibin/vtiadm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the 1...

6.8 CVSS · 6.3 AI score · 0.28321 EPSS
Exploits: 1 · References: 11 · Affected Software: 1

Prion
added 2006/03/02 11:2 p.m. · 12 views

Code injection

Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program...

4.6 CVSS · 7.1 AI score · 0.00071 EPSS
Exploits: 0 · References: 5 · Affected Software: 1