11 matches found
Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
No description provided by source. $Id: dxstudioplayerexec.rb 9375 2010-05-26 22:39:56Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Worldweaver DX Studio Player 3.0.29 - 'shell.execute()' Command Execution (Metasploit)
$Id: dxstudioplayerexec.rb 9375 2010-05-26 22:39:56Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Worldweaver DX Studio Player shell.execute() Command Execution
This module exploits a command execution vulnerability within the DX Studio Player from Worldweaver for versions 3.0.29 and earlier. The player is a browser plugin for IE ActiveX and Firefox dll. When an unsuspecting user visits a web page referring to a specially crafted .dxstudio document, an...
Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
$Id: dxstudioplayerexec.rb 8541 2010-02-17 20:14:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Security feature bypass
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...
CVE-2009-2011
Summary (CVE-2009-2011) Worldweaver DX Studio Player plugin for Firefox (and related IE/Firefox contexts) is vulnerable to remote command execution via the shell.execute JavaScript API method. The issue affects DX Studio Player versions including 3.0.29.0, 3.0.22.0, 3.0.12.0 and likely other vers...
CVE-2009-2011
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...
PT-2009-4465 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Worldweaver DX Studio Player versions prior to 3.0.29.1 Description: The issue allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes the shell.execute JavaScript API method, due to a lack of access restrictio...
DX Studio Player < 3.0.29.1 Firefox plug-in Command Injection Vuln
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injectio...
Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection
Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio...
Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521...