Page 2 of 15 results (0.004 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. AOL 9.0 Security Edition revision 4184.2340, y probablemente otras versiones, utiliza permisos inseguros (Todos/Control Total) para el directorio "America Online 9.0", lo que permite a usuarios locales obtener privilegios mediante el reemplazo de archivos críticos. • http://secunia.com/advisories/18734 http://secunia.com/secunia_research/2006-08 http://securityreason.com/securityalert/1416 http://securitytracker.com/id?1016717 http://www.osvdb.org/27995 http://www.securityfocus.com/archive/1/443622/100/0/threaded http://www.securityfocus.com/bid/19583 http://www.vupen.com/english/advisories/2006/3317 https://exchange.xforce.ibmcloud.com/vulnerabilities/28445 •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program. • http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf http://www.kb.cert.org/vuls/id/953860 http://www.securityfocus.com/archive/1/423587/100/0/threaded http://www.securityfocus.com/bid/16453 https://exchange.xforce.ibmcloud.com/vulnerabilities/24498 •

CVSS: 10.0EPSS: 33%CPEs: 3EXPL: 0

Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. • http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news http://secunia.com/advisories/18521 http://securitytracker.com/id?1015494 http://www.kb.cert.org/vuls/id/715730 http://www.kb.cert.org/vuls/id/MIMG-6KRSQP http://www.osvdb.org/22486 http://www.securityfocus.com/bid/16262 http://www.vupen.com/english/advisories/2006/0221 https://exchange.xforce.ibmcloud.com/vulnerabilities/24160 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. • http://archives.neohapsis.com/archives/ntbugtraq/2005-08/0009.html http://www.securityfocus.com/bid/14530 https://exchange.xforce.ibmcloud.com/vulnerabilities/24324 •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152 http://www.iss.net/security_center/static/8860.php http://www.securityfocus.com/bid/4535 •