Searching untrusted software vulnerabilities

MSHTML.DLL in Internet Explorer 5.0 allows a re

"untrusted | described | intrinsic | MSHTMLDLL | Internet | Explorer | scripted | attacker | variant | control | upload | remote | allows | paste" | paste | file | name | into |

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.


Untrusted search path vulnerability in day5data

day5datacopier | vulnerability | environment | arbitrary | malicious | Untrusted | variable | modified | commands | execute | program | search | points | allows | local | users | path | IRIX | via | SGI |

Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.


The wrapper program in mailman 2.0beta3 and 2.0

privileges | untrusted | properly | cleanse | strings | mailman | program | wrapper | 20beta3 | 20beta4 | allows | format | local | users | which | gain | does | not |

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.


Untrusted search path vulnerability in Pedro Li

vulnerability | chetcpasswd | Untrusted | search | Lineu | Pedro | path | Orso |

Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.


Sun Java Runtime Environment (JRE) and SDK 1.4.

Environment | Runtime | Java | Sun |

Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.


Mozilla Firefox before the Preview Release, Moz

Release | Preview | Mozilla | Firefox | before |

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.


Untrusted execution path vulnerability in chcod

vulnerability | Untrusted | execution | chcod | path | IBM | AIX |

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.


Untrusted execution path vulnerability in the P

vulnerability | execution | Untrusted | daemon | PPPoE | path |

Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.


Mozilla before 1.6 does not display the entire

facilitate | attackers | untrusted | clicking | contains | phishing | attacks | unknown | display | Mozilla | remote | before | entire | status | trick | sites | users | which | could | allow | link | does | into | not | URL | %00 | bar |

Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.


Argument injection vulnerability in Java Web St

vulnerability | injection | Argument | Start | J2SE | Java | Web |

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.


The ij_untrusted_url function in JunkBuster 2.0

ij_untrusted_url | single-threaded | JunkBuster | overwrite | attackers | referrer | function | request | crafted | enabled | 202-r2 | allows | remote | field | HTTP | mode | via |

The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.


Untrusted search path vulnerability in the crtt

vulnerability | Untrusted | Neutrino | command | crttrap | search | RTOS | path | QNX |

Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.


Unspecified vulnerability in Java 1.3.1 before

vulnerability | Unspecified | Java |

Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."


The Java extensions for QuickTime 6.52 and earl

extensions | QuickTime | Java |

The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.


Unspecified vulnerability in BEA WebLogic Serve

vulnerability | applications | Unspecified | untrusted | WebLogic | identity | server's | unknown | vectors | Express | attack | allows | Server | obtain | SP5 | SSL | BEA | via |

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.


Untrusted search path vulnerability in acctctl

vulnerability | Untrusted | acctctl | search | path | AIX | IBM |

Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.


Untrusted search path vulnerability in Rumpus 5

vulnerability | privileges | Untrusted | malicious | modified | earlier | program | search | points | allows | Rumpus | users | local | ipfw | path | gain | via |

Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.


Untrusted search path vulnerability in the add_

intl/gettext/loadmsgcatc | add_filename_to_string | vulnerability | Untrusted | function | Elinks | search | path |

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.


Java Web Start in Sun JDK and JRE 5.0 Update 12

user-assisted | applications | restrictions | application | untrusted | attackers | properly | Windows | enforce | earlier | Update | access | remote | allows | 142_15 | local | which | Start | files | Java | does | read | via | Web | not | SDK | JRE | Sun | JDK |

Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.


Java Web Start in Sun JDK and JRE 6 Update 2 an

vulnerabilities" | user-assisted | applications | restrictions | application | attackers | untrusted | properly | enforce | earlier | Update | remote | allows | modify | access | local | which | Start | files | read | does | Java | "two | aka | Web | via | JRE | not | Sun | JDK |

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."


Software vulnerabilities results 1 to 20 of 97     
Page: 12345