CyberSecurityBoard
Sponsor Register Login

CVE-2025-1244

A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

This Cyber News was published on www.tenable.com. Publication date: Wed, 12 Feb 2025 17:11:03 +0000


Cyber News related to CVE-2025-1244

CVE-2025-1244 - A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. ...
4 hours ago Tenable.com
CVE-2025-0977 - Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. ...
6 days ago Tenable.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com
CVE-2019-1251 - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245. ...
5 years ago
CVE-2019-1245 - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. ...
5 years ago
CVE-2019-1244 - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. ...
5 years ago
CVE-2006-1244 - Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving ...
6 years ago
CVE-2020-1244 - A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique ...
4 years ago
CVE-2020-1120 - A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique ...
3 years ago
CVE-2008-7115 - The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, ...
7 years ago
CVE-2009-1244 - Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; ...
6 years ago
CVE-2003-1244 - SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. ...
16 years ago
CVE-2005-3360 - The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by ...
13 years ago
CVE-2013-1244 - Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199. ...
11 years ago
CVE-2014-8510 - The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters. ...
10 years ago
CVE-2014-1244 - Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. ...
9 years ago
CVE-2002-1244 - Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command. ...
8 years ago
CVE-2015-1244 - The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain ...
8 years ago
CVE-2005-1244 - ** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a ...
7 years ago
CVE-2010-1244 - Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter ...
7 years ago
CVE-2012-1244 - The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. ...
7 years ago
CVE-1999-1244 - IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file. ...
7 years ago
CVE-2008-1244 - cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and ...
6 years ago
CVE-2004-1244 - Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." ...
1 year ago
CVE-2007-1244 - Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)