Lucene search
+L

4 matches found

prion
prion
added 2009/06/16 9:0 p.m.13 views

Security feature bypass

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...

9.3CVSS7.9AI score0.40176EPSS
Exploits10References8Affected Software1
cvelist
cvelist
added 2009/06/16 8:26 p.m.32 views

CVE-2009-2011

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...

7.4AI score0.40176EPSS
Exploits10References8
cve
cve
added 2009/06/16 8:26 p.m.53 views

CVE-2009-2011

Summary (CVE-2009-2011) Worldweaver DX Studio Player plugin for Firefox (and related IE/Firefox contexts) is vulnerable to remote command execution via the shell.execute JavaScript API method. The issue affects DX Studio Player versions including 3.0.29.0, 3.0.22.0, 3.0.12.0 and likely other vers...

9.3CVSS7.5AI score0.40176EPSS
Exploits10References8Affected Software1
exploitdb
exploitdb
added 2009/06/10 12:0 a.m.62 views

Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521...

9.3CVSS6.4AI score0.40176EPSS
Exploits10
Rows per page
Query Builder