102 matches found
Improper access control
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files...
CVE-2020-27603
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files...
A vulnerability in the Bundler package manager for Ruby projects allows attackers to execute arbitrary code by exploiting the use of files and directories accessible from external sources.
A vulnerability in the Bundler package manager for Ruby projects relates to the use of files and directories accessible from external sources. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Directory Traversal
smarty/smarty is vulnerable to directory traversal attacks. The vulnerability exists due to a lack of file path sanitization that allows external files to be referenced through trusted_dir, causing a directory traversal attack. This issue is also referenced in CVE-2018-13982...
A vulnerability in Mozilla Firefox’s toolbars allows a hacker to gain unauthorized access to protected information.
A vulnerability in Mozilla Firefox’s developer tools is related to the use of files and directories accessible from external parties. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
XML External Entity (XXE)
retrofit is vulnerable to XML external entity (XXE) attacks. The vulnerability exists due to the lack of proper default configuration to disable support for external entities, allowing external files to be read and displayed when processing a malicious XML file...
arxius: Local File Disclosure via ffmpeg
Summary: ffmpeg is a video and audio software that is used for generating previews and for converting videos. Your current installation allows HLS playlists that contain references to external files, which leads to local file disclosure. Reproduction: 1. Download this script...
Remote File Inclusion Vulnerability in Hitachi Command Suite
Overview: A Remote File Inclusion Vulnerability was found in Hitachi Command Suite. Impact: A malicious attacker might exploit this vulnerability to load external files into a browser. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer
Description: The flash file accepts its configuration via a JSON object. This object can be passed directly or via a file. The old version of this flash file was vulnerable because of loading insecure external flash files. The latest version and the previous ones are also vulnerable because of lac...
CVE-2014-3756
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3)...
SiteGo Remote File Inclusion Vulnerability
No description provided by source. Exploit Title: SiteGo Remote File Inclusion Vulnerability Date: 10/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://site-go.com/ Software Link: http://site-go.com/free/site-go.zip Tested on:...
Laurent Adda Les Commentaires 2.0 PHP Script derniers_commentaires.php Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be...
openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)
This version upgrade of PostgreSQL fixes following issues : - Bugfix release 9.0.10 : - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/filespdfviewer/viewer.php, or the (4) mountpoint parameter...
Debian Security Advisory DSA 2534-1 (postgresql-8.4 - several vulnerabilities)
Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488: contrib/xml2's xslt_process can be used to read and write external files and URLs. CVE-2012-3489: xmlparse fetches external files or URLs to resolve DTD and entity references in XML values. Thi...
PHP-Fusion: source code security analysis report
Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the preg_replace Function; Using Insufficiently...
SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)
This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accommodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...
Mandriva Linux Security Advisory : postgresql (MDVSA-2012:139)
Multiple vulnerabilities have been discovered and corrected in postgresql : Prevent access to external files/URLs via contrib/xml2's xslt_process (Peter Eisentraut). libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users...
Skype zero day HTML/(Javascript) code injection
Skype zero day HTML/Javascript code injection. Noptri Public Security Advisory has published a working Skype zero day vulnerability with POC for Skype. Skype users need to be aware of this vulnerability. Affected Software: Software: Skype = 5.5.0.113 Affected Platforms: Windows XP, Vista, 7 Problem...
mxBB Module WebLinks <= 2.05 Remote Inclusion Vulnerability
No description provided by source. Title : mxBB Module WebLinks = 2.05mxrootpath Remote File Include Vulnerability Author : ajann Contact : : S.Page : http://www.mx-system.com Dork : /modules/mxlinks/ ERROR------------------------------------------------------ .... .. includeonce $mxrootpath...