Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

XChat <= 2.8.7b (URI Handler) Remote Code Execution Exploit (ie6/ie7)

No description provided by source. Xchat = 2.8.7b Remote Code Execution tested on Windows XP SP1+SP2+SP3, IE6 & IE7 fully patched Vendor : http://xchat.org/ Affected Os : Windows Risk : critical This bug is related to the URI Handler vulnerability but the approch is a bit different. We don't use...

XChat <= 2.8.7b (URI Handler) Remote Code Execution Exploit (ie6/ie7)

Exploit for unknown platform in category remote exploits ===================================================================== XChat Welcome to my personal webs...

xchat-exec.txt

Xchat Welcome to my personal website document.location='ircs://[email protected]" --command "shell calc"'...

XChat 2.8.7b - URI Handler Remote Code Execution (Internet Explorer 67)

XChat 2.8.7b - URI Handler Remote Code Execution Internet Explorer 67 Xchat Welcome to my personal website document.location='ircs://[email protected]" --command "shell calc"' milw0rm.com 2008-06-13...

XChat 2.8.7b - &#039;URI Handler&#039; Remote Code Execution (Internet Explorer 6/7)

Xchat Welcome to my personal website document.location='ircs://[email protected]" --command "shell calc"' milw0rm.com 2008-06-13...

Skype file:// URI处理器绕过安全限制漏洞

BUGTRAQ ID: 29553 CVECAN ID: CVE-2008-1805 Skype是一款流行的P2P VoIP软件，可提供高质量的语音通讯服务。 Skype的file:// URI处理器在处理可执行的下载时存在漏洞，攻击者可能利用此漏洞绕过检查过滤。 Skype的file://...

Lotus Expeditor code execution

cai: URI handler allows code exectuion from any SMB share...

Lotus expeditor rcplauncher uri handler vulnerability

Hello Lotus expeditor rcplauncher registers a cai: uri handler. This handler executes "D:Program FilesIBMLotusSymphonyframeworkrcprcplauncher.exe" -config notes -com.ibm.rcp.portal.app.uiopenCA "1" the rcplauncher process accepts various arguments which can be abused to execute arbitrary code. Th...

Design/Logic Flaw

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrat...

CVE-2008-1965

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrat...

CVE-2008-1965

IBM Lotus Expeditor's cai: URI handler in rcplauncher (used by Lotus Expeditor Client for Desktop 6.1.1/6.1.2 and Lotus Symphony) is vulnerable: a crafted cai: URI can inject -launcher to rcplauncher.exe, enabling remote code execution with the user's privileges. The attack relies on loading a sp...

lotus-exec.txt

Hello, I have found that the lotus expeditor rcplauncher as installed by lotus symphony and possibly other products, registers a cai: uri handler. This handler executes "D:\Program Files\IBM\Lotus\Symphony\framework\rcp\rcplauncher.exe" -config notes -com.ibm.rcp.portal.app.uiopenCA "%1" the...

CVE-2008-0582

CVE-2008-0582 affects Skype on Windows (versions 3.1–3.6.0.244). The issue is a cross-zone scripting vulnerability in the Internet Explorer web control used by SkypeFind, allowing an attacker to inject script/HTML into the Local Machine Zone via the Full Name field of a reviewer in a business ite...

Debian Security Advisory DSA 1425-1 (xulrunner)

The remote host is missing an update to xulrunner announced via advisory DSA 1425-1. OpenVAS Vulnerability Test $Id: deb14251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1425-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Design/Logic Flaw

Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption...

CVE-2007-5989

Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption...

CVE-2007-5989

The CVE-2007-5989 issue affects Skype