NVD-CWE-Other

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV=”refresh” that targets a www.google.com search for a local .exe file, which is displayed in the “results stored on your computer” portion of the search results, and when clicked invokes Google Desktop to execute this file.

rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.

c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to “..%5C” (encoded backslash) sequences.

A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.