trick software vulnerabilities
vulnerabilities.aspcode.net
Searching trick software vulnerabilities
Mozilla Firefox before the Preview Release, Moz
Release
|
Preview
|
Mozilla
|
Firefox
|
before
|
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
Mozilla before 1.6 does not display the entire
facilitate
|
attackers
|
untrusted
|
clicking
|
contains
|
phishing
|
attacks
|
unknown
|
display
|
Mozilla
|
remote
|
before
|
entire
|
status
|
trick
|
sites
|
users
|
which
|
could
|
allow
|
link
|
does
|
into
|
not
|
URL
|
%00
|
bar
|
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
Opera Web Browser 7.0 through 7.23 allows remot
Browser
|
through
|
Opera
|
Web
|
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
Mozilla Firefox before 1.0 truncates long filen
downloading
|
extensions
|
filenames
|
dangerous
|
attackers
|
truncates
|
download
|
Firefox
|
Mozilla
|
remote
|
easier
|
before
|
dialog
|
files
|
users
|
trick
|
which
|
makes
|
file
|
long
|
into
|
box
|
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.
Internet Explorer 6 on Windows XP SP2 allows re
unknowledgeable
|
createElement
|
demonstrated
|
containing
|
executing
|
arbitrary
|
attackers
|
possibly
|
function
|
download
|
Explorer
|
Internet
|
element
|
Windows
|
warning
|
onclick
|
bypass
|
remote
|
allows
|
dialog
|
using
|
trick
|
body
|
code
|
user
|
into
|
page
|
file
|
SP2
|
web
|
via
|
tag
|
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
Yahoo! Messenger 6.0.0.1750, and possibly other
Messenger
|
Yahoo
|
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.
BibORB 1.3.2, and possibly earlier versions, do
BibORB
|
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
Opera 7.54 and earlier does not properly valida
Opera
|
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.
Firefox before 1.0.1 and Mozilla before 1.7.6 a
Firefox
|
before
|
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
Firefox before 1.0.1 allows remote attackers to
Firefox
|
before
|
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
Groove Virtual Office before 3.1 build 2338, be
Virtual
|
before
|
Office
|
Groove
|
build
|
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code.
Opera 8.01, when the "Arial Unicode MS" font (A
Opera
|
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
Opera before 8.50 allows remote attackers to sp
before
|
Opera
|
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
The LDAP client on Microsoft Windows 2000 befor
Microsoft
|
Windows
|
client
|
LDAP
|
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
OpenOffice.org 2.0 and earlier, when hyperlinks
OpenOfficeorg
|
WWW-browser
|
hyperlinks
|
attackers
|
bypassing
|
Hyperlink
|
clicking
|
security
|
settings
|
disabled
|
intended
|
earlier
|
prevent
|
easier
|
dialog
|
button
|
trick
|
which
|
makes
|
does
|
been
|
user
|
into
|
has
|
not
|
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.
Hummingbird Collaboration (aka Hummingbird Ente
Collaboration
|
Hummingbird
|
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content.
Unspecified vulnerability in Safari, LaunchServ
LaunchServices
|
vulnerability
|
Unspecified
|
CoreTypes
|
and/or
|
Safari
|
Apple
|
Mac
|
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
Unspecified vulnerability in util.php in Galler
authenticated
|
vulnerability
|
Unspecified
|
modifying
|
executing
|
involving
|
arbitrary
|
possibly
|
Gallery
|
152-pl2
|
utilphp
|
vectors
|
crafted
|
before
|
stored
|
allows
|
remote
|
trick
|
users
|
album
|
owner
|
link
|
file
|
data
|
into
|
code
|
via
|
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
CRLF injection vulnerability in Utils.py in Mai
vulnerability
|
administrator
|
return/line
|
attackers
|
malicious
|
injection
|
sequences
|
messages
|
carriage
|
visiting
|
possibly
|
Utilspy
|
Mailman
|
219rc1
|
before
|
remote
|
allows
|
spoof
|
trick
|
error
|
feed
|
CRLF
|
into
|
URLs
|
URI
|
log
|
via
|
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via a carriage return/line feed sequences in the URI.
Mozilla Firefox does not properly manage a dela
confirmation
|
confirming
|
execution
|
attackers
|
properly
|
Firefox
|
Mozilla
|
dialogs
|
"dialog
|
refocus
|
remote
|
action
|
unsafe
|
manage
|
users
|
timer
|
delay
|
might
|
which
|
trick
|
allow
|
bug"
|
does
|
file
|
used
|
into
|
such
|
aka
|
not
|
Mozilla Firefox does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, aka the "dialog refocus bug."
Software vulnerabilities results 1 to 20 of 40
Page:
1
2
3
►