Eudora 4.2/4.3可以被欺骗执行危险程序

当用户使用Eudora 4.2和4.3阅读邮件时，当试图打开可执行的附件程序时,正常情况下，eudora 会谈出一个警告框，显示正要打开一个可执行的文件。但是恶意用户可以通过一些手段欺骗eudora ,使用户打开可执行文件.exe,.com或者.bat时,eudora不会发出警告信息。 Qualcomm Eudora 4.3/4.2 - Microsoft Windows 98 - Microsoft Windows 95 - Microsoft Windows NT 4.0 临时解决方法： 编辑Eudora，在Settings栏中，添加下列行：...

Java Web Start Buffer overflow vulnerabilities (6557220)

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by a an application that grants itself...

JDK untrusted applet/application privilege escalation (6661918)

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as...

CVE-2008-3107

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as...

CVE-2008-3109

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants itself...

Design/Logic Flaw

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as...

CVE-2008-3109

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants itself...

Alibaba's Alipay controls exploit research-vulnerability warning-the black bar safety net

About Alibaba Alipay controls vulnerability, the network is also controversial. Some say that vulnerability exists, and some say does not exist, give me also don't know the letter who. However, no investigation has no say, or let our own go looking for the answer to the question. We first take a...

CVE-2008-0953

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953...

Design/Logic Flaw

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953...

CVE-2008-0953

The HP Instant Support HPISDataManager.dll ActiveX control (HPISDataManager, used by HP Online Support Services) contains multiple insecure methods (StartApp, DownloadFile, MoveFile, GetFileTime, ExtractCab, AppendStringToFile, RegistryString) that can be exploited by remote, unauthenticated atta...

Update Protections against Recent Malware Threats (25-May-08)

Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network...

Homepage Builder sample CGI programs vulnerable to OS command injection

Overview Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contains a vulnerability which may allow an attacker to inject an arbitrary OS command. According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of...

CVE-2007-5803

Multiple cross-site scripting XSS vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360...

CVE-2007-5803

Multiple cross-site scripting XSS vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360...

[SECURITY] Fedora 8 Update: nagios-2.11-3.fc8

Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other NIX variants as a background process,...

Command injection

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs...

cPanel 11.x => List Directories and Folders

Hello,, I Discovered a new bug in cPanel to show the directions Folders Only on the server in Disk Usage part for example, I tried to see the folders in /etc and it worked ! that would show you a list of directions of folders and that including programes on the server, this could be dangerous ! t...

java-1.5.0 Privilege escalation via unstrusted applet and application

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants...

SuSE 10 Security Update : gvim and vim (ZYPP Patch Number 4821)

Vim allows to open content via external programs if the argument contains a 'http:' sub-string. It insecurely invoked external web browsers to fetch the remote content. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...