KVIrc URI Handler Argument Injection Vulnerability

This host has KVIrc installed and is prone to Argument Injection vulnerability. OpenVAS Vulnerability Test $Id: secpodkvircarginjvulnwin.nasl 5055 2017-01-20 14:08:39Z teissa $ KVIrc URI Handler Argument Injection Vulnerability Authors: Antu Sanadi Copyright c 2009 SecPod, http://www.secpod.com...

KVIrc URI Handler Argument Injection Vulnerability

KVIrc is prone to an argument injection vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-7070

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " quote followed by command line switches in a 1 irc:///, 2 irc6:///, 3 ircs:///, or 4 and ircs6:/// URI. NOTE: this might be due to an incomplete fix for...

Design/Logic Flaw

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " quote followed by command line switches in a 1 irc:///, 2 irc6:///, 3 ircs:///, or 4 and ircs6:/// URI. NOTE: this might be due to an incomplete fix for...

CVE-2008-7070

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " quote followed by command line switches in a 1 irc:///, 2 irc6:///, 3 ircs:///, or 4 and ircs6:/// URI. NOTE: this might be due to an incomplete fix for...

CVE-2008-7070

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " quote followed by command line switches in a 1 irc:///, 2 irc6:///, 3 ircs:///, or 4 and ircs6:/// URI. NOTE: this might be due to an incomplete fix for...

CVE-2008-7070

The CVE-2008-7070 entry describes an Argument injection vulnerability in the KVIrc 3.4.2 Shiny URI handler that allows remote attackers to execute arbitrary commands by supplying a quote followed by command line switches in URI schemes such as irc:///, irc6:///, ircs:///, or ircs6:///. This align...

CVE-2008-7070

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " quote followed by command line switches in a 1 irc:///, 2 irc6:///, 3 ircs:///, or 4 and ircs6:/// URI. NOTE: this might be due to an incomplete fix for...

Mandriva Linux Security Advisory : lynx (MDVSA-2008:218)

A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode CVE-2008-4690. This update corrects these issues...

FreeBSD : URI handler vulnerabilities in several browsers (df333ede-a8ce-11d8-9c6d-0020ed76ef5a)

Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a -'...

Design/Logic Flaw

Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the 1 synacast, 2 Play, 3 pplsv, or 4 ppvod URI handler. NOTE: some of these details are obtained from thi...

CVE-2009-1087

CVE-2009-1087 affects PPLive and its PPLive.exe component up to version 1.9.21. The vulnerability is caused by multiple argument injection flaws in the LoadModule URI handler used by several components (synacast, Play, pplsv, ppvod), allowing remote attackers to execute arbitrary code via a UNC s...

PPLive URI处理器LoadModule参数多个代码执行漏洞

BUGTRAQ ID: 34128 PPLive是非常流行的P2P网络视频客户端。 PPLive的synacast://、Play://、pplsv://和ppvod:// URI处理器在评估命令行参数时没有正确地验证URI参数，如果用户受骗跟随的链接中包含有特制的/LoadModule参数的话，就可能导致Internet Explorer加载远程VNC路径所指定的dll。 聚力传媒 PPLive = 1.9.21 厂商补丁： 聚力传媒 -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

RedHat Update for lynx RHSA-2008:0965-01

Check for the Version of lynx OpenVAS Vulnerability Test RedHat Update for lynx RHSA-2008:0965-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Internet Explorer 8 Spoof

IE8 beta RC1 res://ieframe.dll/acrerror.htm Spoff Vendor page: www.microsoft.com Advisore:http://lostmon.blogspot.com/ 2009/03/ie8-beta-rc1-resieframedllacrerrorhtm.html vendor notify:yes exploit available:yes Internet explorer 8 has a flaw that allows remote users to spooff the domain name in...

Megacubo 5.0.7 (mega://) Remote eval() Injection Exploit

No description provided by source. !-- Megacubo 5.0.7 mega:// remote eval injection exploit by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ tested against Internet Explorer 8 beta 2/xp sp 3 software site: http://www.megacubo.net/tv/ download url:...

KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit

!-- KVIrc 3.4.2 Shiny uri handler remote command execution exploit by Nine:Situations:Group::strawdog Tested against IE8beta/WINxpsp3 software site: http://www.kvirc.net/?lang=en description: "KVIrc is a Multilanguage, graphical IRC-Client for Windows, Linux, Unix and Mac OS..." A command line...

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit

No description provided by source. !-- Exodus v0.10 remote code execution exploit by Nine:Situations:Group::strawdog This uses the "-l" argument to overwrite a file inside Microsoft Help and Support Center folders oh rgod... Firstly run netcat in listen mode to drop the vbscript shell run this...

KVIrc 3.4.2 Shiny (uri handler) Remote Command Execution Exploit

No description provided by source. !-- KVIrc 3.4.2 Shiny uri handler remote command execution exploit by Nine:Situations:Group::strawdog Tested against IE8beta/WINxpsp3 software site: http://www.kvirc.net/?lang=en description: "KVIrc is a Multilanguage, graphical IRC-Client for Windows, Linux, Un...

kvirc-exec.txt

Heaven and Earth are impartial They see the ten thousand things as straw dogs The wise are impartial...