43 matches found
CVE-2025-30551
CVE-2025-30551 concerns the WordPress plugin Pretty file links, which is affected by a Stored Cross-Site Scripting (XSS) vulnerability. The issue is described as stored XSS in Pretty file links (version range “from n/a through 0.9”). Connected sources indicate the vulnerability status as Unpatche...
WordPress Pretty file links plugin <= 0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Pretty file links versions = 0.9...
WordPress plugin Pretty file links 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
CVE-2024-47145 Unauthorized access on archived channels via file links
Mattermost versions 9.5.x = 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links...
CVE-2024-47145 Unauthorized access on archived channels via file links
Mattermost versions 9.5.x = 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links...
PT-2024-32434 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8 Description: The issue allows an attacker to view posts and files of archived channels via file links when viewing archived channels is disabled, due to a failure to properly authorize access to archive...
PT-2024-28722 · Vnote · Vnote
Name of the Vulnerable Software and Affected Versions: VNote versions prior to 3.18.1 Description: A code execution issue existed in VNote, allowing an attacker to execute arbitrary programs on the victim's system. This could be achieved by using a crafted URI in a note, such as...
SUSE CVE-2007-5335
Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs...
SUSE CVE-2008-5680
Multiple buffer overflows in Opera before 9.63 might allow 1 remote attackers to execute arbitrary code via a crafted text area, or allow 2 user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178...
SUSE CVE-2021-39134
@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
Mozilla: Arbitrary file read from GTK drag and drop on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...
PT-2020-3794 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions prior to the fixed version Description: An information disclosure issue exists when attaching files to Outlook messages, potentially allowing users to share attached files with anonymous users, even when they should...
CVE-2020-1132
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'...
The vulnerability of the Windows Background Intelligent Transfer Service, a file transfer service between the client and the HTTP server, allows a hacker to escalate their privileges.
The vulnerability of the Windows Background Intelligent Transfer Service, which is responsible for intelligent file transfer between clients and Windows HTTP servers, is related to errors in processing links that point to file and directory paths. Exploiting this vulnerability can allow an attack...
Tor Browser Anonymity Feature Bypass Vulnerability
Tor Browser is prone to anonymity feature bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tor:torbrowser";...
USN-3210-1: LibreOffice vulnerability
Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links...
UBUNTU-CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...
The vulnerability of the web application for data synchronization with ownCloud allows a hacker to circumvent existing access restrictions and gain access to users’ files.
The vulnerability of the virtual file system of the web application for data synchronization with ownCloud is related to the lack of data validation during data retrieval. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and gain access to user files b...
Cybozu Live for Android vulnerable in the WebView class
Overview Cybozu Live for Android contains a vulnerability in the WebView class. Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability ...
Printing issue can allow data leaks to other system users, or allow them to corrupt data
When pages are printed by Opera, a temporary file is created, which contains the document to print. This document is not created with the correct permissions, allowing other users of the system to read its contents. When printed with certain popular printing frameworks, an additional temporary fi...