270 matches found
KVIrc 3.4.2 Shiny - URI handler Remote Command Execution
KVIrc 3.4.2 Shiny - URI handler Remote Command Execution Heaven and Earth are impartial They see the ten thousand things as straw dogs The wise are impartial/a...
KVIrc 3.4.2 Shiny (uri handler) Remote Command Execution Exploit
Exploit for unknown platform in category remote exploits ================================================================ KVIrc 3.4.2 Shiny uri handler Remote Command Execution Exploit ================================================================ Heaven and Earth are impartial They see the ten...
KVIrc 3.4.2 Shiny - URI handler Remote Command Execution
Heaven and Earth are impartial They see the ten thousand things as straw dogs The wise are impartial a href='ircs6://...
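Exodus im:// URI Handler Command-Line Parameter Injection Vulnerability
BUGTRAQ ID: 32330 Exodus is a free instant messaging client written in Borland Delphi that can connect to Jabber servers and communicate with other Jabber users. The Exodus client incorrectly trusts the parameters it receives through im:// URIs; if a user is tricked into following a specially crafted URI, arbitrary files on the system may be overwritten. Exodus 0.10 Exodus ------ The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://code.google.com/p/exodus/ im:///'%20-?...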
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (2)
Exodus 0.10 - URI Handler Arbitrary Parameter Injection 2 testfile echo Dim wshShell testfile echo Set wshShell = CreateObject"WScript.Shell" testfile echo wshShell.Run"cmd /c start calc" testfile echo ^ testfile nc -L -s 192.168.0.1 -p 5222 -vv click me click me milw0rm.com 2008-11-20...
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (2)
testfile echo Dim wshShell testfile echo Set wshShell = CreateObject"WScript.Shell" testfile echo wshShell.Run"cmd /c start calc" testfile echo ^ testfile nc -L -s 192.168.0.1 -p 5222 -vv click me click me milw0rm.com 2008-11-20...
Exodus v0.10 uri handler arbitrary parameter injection
-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (1)
Exodus 0.10 - URI Handler Arbitrary Parameter Injection 1 -------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems...
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (1)
-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...
RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
lynx security update
CentOS Errata and Security Advisory CESA-2008:0965 An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based W...
Format string
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI...
CVE-2008-4748
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI...
CVE-2008-4748
KVirc 3.4.0 is affected by a format-string vulnerability in the URI handler when KVirc is set as the default application for processing irc:// URIs. The flaw allows a remote attacker to cause a denial of service (application crash) and potentially execute arbitrary code via format specifiers in t...
Important: Red Hat Security Advisory: lynx security update
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
CVE-2008-3007
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error...
Design/Logic Flaw
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error...
CVE-2008-3007
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error...
CVE-2008-3007
CVE-2008-3007 describes an argument-injection vulnerability in the OneNote URI handler (onenote://) affecting Microsoft Office OneNote 2007 (and related Office XP/2003/2007 versions). The root cause is a Uniform Resource Locator validation error in the OneNote URL handler that can be triggered by...
Lotus Expeditor cai URI handler command injection
Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...