
524 matches found

FreeBSD
added 2014/12/04 12:0 a.m., 21 views

libzmq4 -- V3 protocol handler vulnerable to downgrade attacks

Pieter Hintjens reports: It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by sending a ZMTP v2 or earlier header. The library accepts such connections without applying its security mechanism...

CVSS 4.3, AI score 6.4, EPSS 0.00614
Exploits: 0, References: 2

Exploit DB
added 2014/11/18 12:0 a.m., 32 views

Samsung Galaxy KNOX Android Browser - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'digest/md5' class Metasploit3 0|1 if an HTTP request has been made to download a payload of that ID attrreader :servedpayloads def...

AI score 7.4
Exploits: 0

Packet Storm
added 2014/11/18 12:0 a.m., 21 views

Samsung Galaxy KNOX Android Browser Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'digest/md5' class Metasploit3 0|1 if an HTTP request has been made to download a payload of that ID attrreader :servedpayloads def...

AI score 0.5
Exploits: 0

Metasploit
added 2014/11/12 3:53 p.m., 19 views

Samsung Galaxy KNOX Android Browser RCE

A vulnerability exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4,...

AI score 0.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Adobe Flash Player 8.0.34.0/9.0.x main.swf baseurl Parameter asfunction: Protocol Handler XSS

No description provided by source. source: http://www.securityfocus.com/bid/26949/info Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code i...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Microsoft Internet Explorer 6.0 mms Protocol Handler Executable Command Line Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Microsoft Windows XP HCP URI Handler Abuse Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5478/info Microsoft Internet Explorer on Windows XP comes equipped with a protocol handler for the 'Help and Support Center' application. The protocol handler may be specified in links, and when such a link is submitted b...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7639/info It has been reported that clicking a malformed 'callto:' URI in Internet Explorer will cause Windows 2000 systems to crash, resulting in a blue screen. This appears to be due to a boundary condition error in one...

AI score 7.1
Exploits: 0

OpenVAS
added 2014/04/16 12:0 a.m., 36 views

Adobe Reader Denial of Service & Code Execution Vulnerabilities - Mac OS X

Adobe Reader is prone to denial of service and code execution vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.3, AI score 6.9, EPSS 0.22531
Exploits: 5, References: 5

Talos
added 2014/01/26 12:0 a.m., 38 views

Pidgin for Windows URL Handling Remote Code Execution Vulnerability

Talos Vulnerability Report VRT-2013-1003 Pidgin for Windows URL Handling Remote Code Execution Vulnerability January 26, 2014 CVE Number CVE-2013-6486 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of HTTP URL handling. An attacker can supply a...

CVSS 9.3, AI score 8.2, EPSS 0.01267
Exploits: 0

NVD
added 2013/12/21 2:22 p.m., 12 views

CVE-2013-5406

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler...

CVSS 3.5, AI score 5.3, EPSS 0.0018
Exploits: 0, References: 4

Cvelist
added 2013/12/21 11:0 a.m., 21 views

CVE-2013-5406

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler...

AI score 5.3, EPSS 0.0018
Exploits: 0, References: 4

Tenable Nessus
added 2013/07/12 12:0 a.m., 36 views

Oracle Linux 4 : pidgin (ELSA-2008-1023)

From Red Hat Security Advisory 2008:1023 : Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is a multi-protocol...

CVSS 6.8, AI score 7.9, EPSS 0.17668
Exploits: 1, References: 4

NVD
added 2013/03/29 4:9 p.m., 12 views

CVE-2013-1085

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

CVSS 9.3, AI score 8.1, EPSS 0.20584
Exploits: 0, References: 3

Prion
added 2013/03/29 4:9 p.m., 16 views

Stack overflow

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

CVSS 9.3, AI score 8.8, EPSS 0.20584
Exploits: 0, References: 3, Affected Software: 2

ThreatPost
added 2012/10/19 6:18 p.m., 13 views

Steam Gaming Platform Vulnerable to Remote Exploits; 50 Million at Risk

More than 50 million users of the Steam gaming and media distribution platform are at risk for remote compromise because of weaknesses in the platform’s URL protocol handler, a pair of researchers at ReVuln wrote in a paper released this week. Luigi Auriemma and Donato Ferrante discovered a numbe...

AI score 2.3
Exploits: 0, References: 2

OpenVAS
added 2012/10/03 12:0 a.m., 21 views

Symantec Norton AntiVirus Protocol Handler (HCP) Code Execution Vulnerability

This host is installed with Symantec Norton AntiVirus and is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbsymantecnortonavprotocolhandlercodeexecvuln.nasl 6018 2017-04-24 09:02:24Z teissa $ Symantec Norton AntiVirus Protocol Handler HCP Code Execution...

CVSS 6.4, AI score 0.4, EPSS 0.09174
Exploits: 0, References: 3

OpenVAS
added 2012/10/03 12:0 a.m., 27 views

Symantec Norton AntiVirus Protocol Handler (HCP) Code Execution Vulnerability

Symantec Norton AntiVirus is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.4, AI score 7.6, EPSS 0.09174
Exploits: 0, References: 4

OpenVAS
added 2012/10/01 12:0 a.m., 16 views

AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability

The host is installed with AVG Anti-Virus and is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbavgantivirusremotecodeexecvuln.nasl 5956 2017-04-14 09:02:12Z teissa $ AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability Authors: Madhuri D...

CVSS 6.4, AI score 0.5, EPSS 0.01624
Exploits: 0, References: 3