A local file detection bug exists in Adobe SVG Viewer version 3.0.
b56516177838b137c11f376de8fc95ba5e4906d2d1a019f2e5bd11efb8f5d84b
A local file detection flaw has been found in the Adobe Reader ActiveX control. Adobe Reader versions 7.0 and below are affected.
62e66376041cb0ead9f4c69cac186a4d750f6d7ab4a0b76dad3a4a5b944a91d3
Musicmatch installs an ActiveX control which can then be called by other sites (totally unrelated to musicmatch). The ActiveX control allows for arbitrary files on the user's disk to be overwritten.
11fd920c5376d04b6b942e8d782b5ab5c9062b6024be9018a38a7f67cccad923
Older versions of MusicMatch (like a large number of other software packages, including core components of Windows) make an insecure call to CreateProcess. This is a local attack which requires that an attack can write files to the root of the C:\ drive, something that actually is possible with versions of Winows prior to XP.
9faba944c8b50a3f791d05142beaf4ad28418d0d8414df595ed593e83feed2ee
Horde 3.0 contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and stealing authentication tokens.
74a66b7743cd681267539641ac2b61777f2dca3586fbe4f9c385f6dd94d19edf