2394 matches found
Design/Logic Flaw
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...
CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...
Code injection
inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exifprog parameter, which is specified in an exec function call...
CVE-2007-5224
The CVE-2007-5224 entry affects Original Photo Gallery 0.11.2 and earlier. Affected file: inc/exif.inc.php; the exif_prog parameter is used inside an exec() call without proper sanitization, allowing remote attackers to execute arbitrary commands on the server. This is described in multiple sourc...
Cart32 Arbitrary File Download Vulnerability
======================================================================== = Cart32 Arbitrary File Download Vulnerability = = Vendor Website: = http://www.cart32.com = = Affected Version: = -- All releases prior to and including v6.3 = = Public disclosure on Thursday 4th October 2007 =...
CVE-2007-4891
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous 1 StartProcess, 2 SyncShell, 3 SaveAs, 4 CABDefaultURL, 5 CABFileName, and 6 CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as...
Code injection
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous 1 StartProcess, 2 SyncShell, 3 SaveAs, 4 CABDefaultURL, 5 CABFileName, and 6 CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as...
USN-503-1: Thunderbird vulnerabilities
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it...
SeaMonkey < 1.1.4 Multiple Vulnerabilities
The installed version of SeaMonkey allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user's privileges, and could also allow privilege escalation attacks against addons that create 'about:blank' windows and...
Design/Logic Flaw
Unspecified vulnerability in the dynamic tracing framework DTrace on Sun Solaris 10 before 20070730 allows local users with PRIVDTRACEUSER privileges to cause a denial of service panic or hang via unspecified use of certain DTrace programs...
Mozilla Foundation Security Advisory 2007-27
Mozilla Foundation Security Advisory 2007-27 Title: Unescaped URIs passed to external programs Impact: Critical Announced: July 30, 2007 Reporter: Jesper Johansson Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.6 Thunderbird 2.0.0.6 Thunderbird 1.5.0.13 SeaMonkey 1.1.4...
Unescaped URIs passed to external programs — Mozilla
Jesper Johansson pointed out that Mozilla did not percent-encode spaces and double-quotes in URIs handed off to external programs for handling, which can cause the receiving program to mistakenly interpret a single URI as multiple arguments. The danger depends on the arguments supported by the...
CVE-2007-3679
The Citrix EPA ActiveX control aka the "endpoint checking control" or CCAOControl Object before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client syste...
[Full-disclosure] More URI Handling Vulnerabilites (FireFox Remote Command Execution)
Internet Explorer has received a lot of attention lately for the way it handles requests for external URIs.... Nate and I have warned that IE isn't the only browser with URI handling issues.... I've posted a PoC for remote command execution in Firefox 2.0.0.5, Netscape Navigator 9, and mozilla at...
GLSA-200707-04 : GNU C Library: Integer overflow
The remote host is affected by the vulnerability described in GLSA-200707-04 GNU C Library: Integer overflow Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in the handling of the hardware capabilities mask by the dynamic loader. If a mask is specified with a high population...
CVE-2007-3285
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a 1 file:/// or 2 resource: URI with a dangerous extension, followed by a NULL byte %00 and a safer extension, which causes Firefox to treat the requested file...
[SECURITY] Fedora Core 5 Update: postgresql-8.1.9-1.fc5
PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
RHEL 3 / 4 / 5 : vixie-cron (RHSA-2007:0345)
Updated vixie-cron packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified...
JVN#81294906 Homepage Builder sample CGI programs vulnerable to OS command injection
Among sample CGI programs included in Homepage Builder, anketo.cgi, kansou.cgi, and order.cgi contain an OS command injection vulnerability as they do not properly validate input data. Impact An arbitrary command could be executed on the web server with the privilege of the web server process...
Update Protection against Sun Java GIF Image Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Sun Java Runtime Environment JRE. The Sun Java Runtime Environment allows users to run Java applications in a browser or as standalone programs. A remote attacker can exploit this issue to take complete control over an affected system...