27 matches found
Symantec IM Manager IMAdminLDAPConfig.asp SQL injection
Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...
CVE-2008-3324
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update...
Design/Logic Flaw
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Design/Logic Flaw
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Design/Logic Flaw
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3442
WinZip before 11.0 is affected. The vulnerability arises because updates are not properly authenticated, enabling a man‑in‑the‑middle to run arbitrary code via a Trojan horse update. Demonstrations referenced include evilgrade and DNS cache poisoning. No patch/version remediation details are prov...
CVE-2008-3439
CVE-2008-3439 affects SpeedBit Video Acceleration prior to 2.2.1.8. The vulnerability arises from improper verification of update authenticity, enabling a man‑in‑the‑middle to run arbitrary code via a Trojan‑horse update. Demonstrations linked to evilgrade and DNS cache poisoning illustrate the i...