270 matches found
Debian DSA-1425-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-5947 Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives...
ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability
ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-070.html December 6, 2007 -- CVE ID: CVE-2007-5989 -- Affected Vendor: Skype -- Affected Products: Skype 3.6 GOLD -- TippingPoint™ IPS Customer Protection: TippingPoint...
Skype URI Handler Remote Heap Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the 'skype4com' URI handler created by Skype during...
VulnCheck KEV: CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox,...
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26286/info Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize...
Windows IE7 URI Handler command execution through Firefox
Added: 10/19/2007 CVE: CVE-2007-3896 BID: 25945 OSVDB: 41090 Background The shell32.dll library provides functions which handle interaction between Internet Explorer and the Windows shell. Problem The version of the shell32.dll library installed with Internet Explorer 7 does not properly validate...
Design/Logic Flaw
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...
CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...
Microsoft Windows URI Handler Command Execution Vulnerability
Description Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicio...
iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability
Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability iDefense Security Advisory 07.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 19, 2007 I. BACKGROUND Microsoft Internet Explorer and Mozilla Firefox are the two most popular web browsers. Many people have...
Trillian 3.1.6.0 - URI Handler Remote Code Execution
Trillian 3.1.6.0 - URI Handler Remote Code Execution source: https://www.securityfocus.com/bid/24927/info Trillian is prone to remote command- and code-execution vulnerabilities because the application fails to properly handle user-supplied input via a registered URI. Successfully exploiting thes...
Trillian 3.1.6.0 - URI Handler Remote Code Execution
source: https://www.securityfocus.com/bid/24927/info Trillian is prone to remote command- and code-execution vulnerabilities because the application fails to properly handle user-supplied input via a registered URI. Successfully exploiting these issues allows attackers to execute arbitrary comman...
Microsoft Internet Explorer and Mozilla Firefox - URI Handler Command Injection
Microsoft Internet Explorer and Mozilla Firefox - URI Handler Command Injection source: https://www.securityfocus.com/bid/24837/info Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and...
Apple Safari 3 for Windows - Protocol Handler Command Injection
source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. Thi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler...
CVE-2007-1678
Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler...
CVE-2007-1678
The CVE-2007-1678 entry concerns a Cross-site Scripting (XSS) vulnerability in the Firefox extension Fizzle 0.5. The issue arises when processing RSS feeds, whose content can be injected and is executed by the chrome: URI handler. The vulnerability affects the Fizzle 0.5 extension and enables rem...
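Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
Apache Tomcat is a popular open-source JSP application server. The modjk.so library of the Tomcat JK Web Server Connector contains a vulnerability in its handling of overly long, malformed URLs, which remote attackers may be able to exploit to take control of the server. The URI handler mapuritoworker in the modjk.so library of the Apache Tomcat JK Web Server Connector is defined in the file native/common/jkuriworkermap.c. When the library parses an overly long URL request exceeding 4095 bytes, the URI...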