524 matches found
CVE-2007-4960
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' double-quote space sequence followed by the -autologin and -loginuri arguments, whic...
WinSCP < 4.0.4 URL Protocol Handler Arbitrary File Transfer
WinSCP < 4.04 url protocol handler flaw
Affected products: WinSCP 4.03 and older. Details: By default WinSCP installs URL protocol handlers for the scp:// and sftp:// protocols. These could be used by malicious web content to automatically upload any file from the local system to a remote server, or automatically download files from a...
Mozilla Firefox URI filtering vulnerability
Overview: Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Description: A Uniform Resource Identifier (URI) is a string of characte...
Microsoft Internet Explorer 0-day vulnerability
Unfiltered shell characters on executed URL: protocol application handler...
Buffer overflow
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///1111111/ substring...
CVE-2007-3832
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///1111111/ substring...
CVE-2007-3833
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:" substring and contains a full pathname in the ini field. NOTE: this can be...
Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections
Overview: Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description: The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...
Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header
Overview: Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description: The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...
CVE-2007-2227
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...
Apple Safari 3 for Windows - Protocol Handler Command Injection
source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. Thi...
Safari for Windows, 0day URL protocol handler command injection
Apple released version 3 of their popular Safari web browser today, with the added twist of offering both an OS X and a Windows version. Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecti...
Multiple HyperAccess telnet / ssh terminal security vulnerabilities
Code execution with .HAW files and telnet: protocol handler...
Ubuntu 4.10 : gaim vulnerabilities (USN-85-1)
The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. (CAN-2005-0208, CAN-2005-0473) Another lack of sufficient input validation was found in the 'Oscar' protoc...
gaim security update
CentOS Errata and Security Advisory CESA-2005:627 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2005-August/074197.html https://lists.centos.org/pipermail/centos-announce/2005-August/074198.html...
FreeBSD : gaim -- MSN denial-of-service vulnerabilities (f2d6a5e1-26b9-11d9-9289-000c41e2cdad)
The Gaim team discovered denial-of-service vulnerabilities in the MSN protocol handler: After accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize; this allocation attempt will cause Gaim to crash if the size exceeds the amount of...
CVE-2004-1171
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...
Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection
source: https://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the...