
234 matches found

Mozilla
added 2013/05/14 12:0 a.m. | 42 views

File input control has access to full path — Mozilla

Mozilla security researcher mozbugra4 reported a mechanism to exploit the input control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system...

4.3 CVSS | 5.5 AI score | 0.00566 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2012/12/18 1:55 a.m. | 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/filesversions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js...

4.3 CVSS | 6.1 AI score | 0.00521 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
0day.today
added 2012/05/25 12:0 a.m. | 18 views

bsnes v0.87 Local Denial Of Service

Exploit for windows platform in category dos / poc 'Load NES Catridge' that contains 9999 chars 'A', so bsnes should crash. PoC / Code: $buffer = strrepeat'A', 9999; Create 9999 chars'A'.. iffileputcontents'crash.nes', $buffer echo"File created successfuly.\r\bsnes should crash when you open the...

7 AI score
Exploits: 0
Opera Security Advisories
added 2010/06/29 12:0 a.m. | 16 views

Users can be tricked into uploading unexpected files

Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If the user can be convinced to focus a file input and paste the contents of the clipboard, the file can then be immediately uploaded without...

2.8 AI score
Exploits: 0 | Affected Software: 1
Opera Security Advisories
added 2010/06/29 12:0 a.m. | 5 views

Users can be tricked into uploading unexpected files – Opera Security Advisories

OPCOM Team | June 29, 2010. Severity: Less severe. Description: Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If th...

5.7 AI score
Exploits: 0 | References: 1
RedHat Linux
added 2009/02/04 8:59 a.m. | 2 views

Firefox local file stealing with SessionStore

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element...

5.4 CVSS | 7.5 AI score | 0.02431 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2008/11/26 12:0 a.m. | 257 views

SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)

This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes the following security issues: - The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocatio...

10 CVSS | 9.3 AI score | 0.25205 EPSS
Exploits: 1 | References: 33
RedHat Linux
added 2008/11/20 1:7 a.m. | 2 views

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3 CVSS | 7.8 AI score | 0.23762 EPSS
Exploits: 0 | References: 4
NVD
added 2008/11/13 11:30 a.m. | 18 views

CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3 CVSS | 7.7 AI score | 0.23762 EPSS
Exploits: 0 | References: 38
UbuntuCve
added 2008/11/13 11:30 a.m. | 31 views

CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3 CVSS | 7.2 AI score | 0.23762 EPSS
Exploits: 0 | References: 3
Prion
added 2008/11/13 11:30 a.m. | 20 views

Design/Logic Flaw

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3 CVSS | 7.8 AI score | 0.23762 EPSS
Exploits: 0 | References: 38 | Affected Software: 12
RedHat Linux
added 2008/11/13 2:18 a.m. | 3 views

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3 CVSS | 7.8 AI score | 0.23762 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2008/11/13 2:4 a.m. | 1 views

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3 CVSS | 7.8 AI score | 0.23762 EPSS
Exploits: 0 | References: 4
Mozilla
added 2008/11/12 12:0 a.m. | 35 views

Crash and remote code execution in nsFrameManager — Mozilla

ling and wushi of team509, via TippingPoint's Zero Day Initiative program, reported a flaw in part of Mozilla's DOM constructing code. This vulnerability can be exploited by modifying certain properties of a file input element before it has finished initializing. When the blur method of the...

9.3 CVSS | 2.9 AI score | 0.23762 EPSS
Exploits: 0 | References: 2 | Affected Software: 3
Tenable Nessus
added 2008/03/19 12:0 a.m. | 43 views

openSUSE 10 Security Update : epiphany (epiphany-5102)

The Mozilla XULRunner 1.8.1 engine was updated to security update version 1.8.1.12. This includes fixes for the following security issues : - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA...

9.3 CVSS | 8.5 AI score | 0.38662 EPSS
Exploits: 2 | References: 7
NVD
added 2008/02/29 2:44 a.m. | 19 views

CVE-2008-1080

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input...

6.8 CVSS | 6.5 AI score | 0.01613 EPSS
Exploits: 0 | References: 9
UbuntuCve
added 2008/02/29 2:44 a.m. | 23 views

CVE-2008-1080

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input...

6.8 CVSS | 5.9 AI score | 0.01613 EPSS
Exploits: 0 | References: 1
Cvelist
added 2008/02/29 2:0 a.m. | 29 views

CVE-2008-1080

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input...

6.3 AI score | 0.01613 EPSS
Exploits: 0 | References: 9
CVE
added 2008/02/29 2:0 a.m. | 44 views

CVE-2008-1080

Opera before 9.26 is affected by CVE-2008-1080, CVE-2008-1081, and CVE-2008-1082. The issues stem from input handling in file form fields, image comments, and DOM attribute value representation in imported XML documents, allowing a remote attacker to trigger file path manipulation, script executi...

6.8 CVSS | 6.3 AI score | 0.01613 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
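seebug.org
added 2008/02/25 12:0 a.m. | 14 views

Opera Web Browser 9.26 fixes multiple security vulnerabilities

BUGTRAQ ID: 27901 Opera is a popular web browser that supports multiple platforms. Versions of the Opera web browser before 9.26 contain multiple security vulnerabilities that may allow a malicious user to perform cross-site scripting attacks, disclose sensitive information, or bypass certain security restrictions. (1) When a user types into a file input, a script can cause some keystrokes to be ignored. If the script can trick the user into believing they are typing normally into a file input, without letting the user see that keystrokes have been ignored, the input can end up pointing to the path of a file on the computer, and the file is then uploaded without user interaction. (2) Image properties may contain custom comments. When displaying image properties, Opera may treat these comments as script, causing the script to run in the wrong security context. (3)...

6.9 AI score
Exploits: 0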