CLSA-2026-1767627264 openssh: Fix of CVE-2025-61985

CVE-2025-61985: potential code execution using the ‘\0’ character in an ssh:// URI, when a ProxyCommand is used...

openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...

EUVD-2004-2365

Malware in sbrugna...

Microsoft Internet Explorer 5 Shell: IFrame Cross-Zone Scripting Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/9628/info It has been alleged that Microsoft Internet Explorer is prone to a weakness that may potentially allow for the execution of hostile script code in the context of the My Computer Zone. This issue is related to ho...

CVE-2004-2373

The Buddy icon file for AOL Instant Messenger AIM 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations...

CVE-2004-2307

Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service browser crash via a shell: URI with double backslashes \ in an HTML tag such as IFRAME or A...

CVE-2004-2373

Technical details beyond the public description are not provided in the supplied documents; monitor for updates for potential details on affected products, versions, root cause, and remediation.

CVE-2004-2307

Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service browser crash via a shell: URI with double backslashes \ in an HTML tag such as IFRAME or A...

IE Shell URI Download and Execute, POC

Hello; Code is based on http://www.securityfocus.com/archive/1/367878 POC by Jelmer message. I just added a new feature "download" and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application. 1- copy IPADDRESSNULLSHAREDFOLDERbad.exe stealth 2- Wait for downlo...

Mozilla fails to restrict access to the "shell:" URI handler

Overview A vulnerability in the way Mozilla and its derived programs handle certain types of links could allow an attacker to run local programs on a vulnerable system. Description Versions of the Mozilla, Firefox, and Thunderbird programs for Microsoft Windows will handle URIs of the form shell:...

PT-2004-1550 · Kde +1 · Konqueror +2

Name of the Vulnerable Software and Affected Versions: KDE versions 3.2.2 and earlier Description: The issue is related to the URI handlers in Konqueror, which do not properly filter "-" characters that begin a hostname in certain URIs, such as telnet, rlogin, ssh, or mailto. This allows remote...