A local file detection bug exists in Adobe SVG Viewer version 3.0.
b56516177838b137c11f376de8fc95ba5e4906d2d1a019f2e5bd11efb8f5d84bA local file detection flaw has been found in the Adobe Reader ActiveX control. Adobe Reader versions 7.0 and below are affected.
62e66376041cb0ead9f4c69cac186a4d750f6d7ab4a0b76dad3a4a5b944a91d3Musicmatch installs an ActiveX control which can then be called by other sites (totally unrelated to musicmatch). The ActiveX control allows for arbitrary files on the user's disk to be overwritten.
11fd920c5376d04b6b942e8d782b5ab5c9062b6024be9018a38a7f67cccad923Older versions of MusicMatch (like a large number of other software packages, including core components of Windows) make an insecure call to CreateProcess. This is a local attack which requires that an attack can write files to the root of the C:\ drive, something that actually is possible with versions of Winows prior to XP.
9faba944c8b50a3f791d05142beaf4ad28418d0d8414df595ed593e83feed2eeHorde 3.0 contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and stealing authentication tokens.
74a66b7743cd681267539641ac2b61777f2dca3586fbe4f9c385f6dd94d19edf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed