778 matches found
CVE-2012-5138
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors...
Design/Logic Flaw
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors...
CVE-2012-5138
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors...
CVE-2012-5138
Removed by vendor...
FreeBSD Ports: chromium
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Error pages can be used to guess local file paths – Opera Security Advisories
Remote web pages should not be able to detect what files a user has on their local machine. Certain error pages do not apply this restriction correctly, allowing web pages to produce an error page where a script can run. The script can then use various events to detect whether files on the user’s...
versant-info NSE Script
Extracts information, including file paths, version and database names from a Versant object database. Example Usage nmap -p 5019 --script versant-info Script Output PORT STATE SERVICE REASON 5019/tcp open versant syn-ack | versant-info: | Hostname: WIN-S6HA7RJFAAR | Root path: C:\Versant\8 |...
Fedora 16 : BackupPC-3.2.1-7.fc16 (2012-0825)
change %%sharedstatedir to %%localstatedir/lib as these expand differently on EL bz 767719 - fix XSS vulnerability bz 749846, bz 749847, bz 749848 CVE-2011-3361 - additional documentation about enabling correct channels in RHEL to resolve all dependencies bz 749627 - fix bug with missing...
winwebmail mention the right-vulnerability warning-the black bar safety net
Another collection below winwebmail default installation path, this is for if in Start—program there is no winwebmail shortcut. c:\winwebmail\web if you cannot browse to change to the d:\winwebmail\web\ In addition, if you can not find the path please use Registry to read the...
VMCPlayer 1.0 Denial Of Service
done by BraniX www.hackers.org.pl found: 2011.03.22 published: 2011.03.22 tested on: Windows XP SP3 Home Edition App: VMCPlayer 1.0 App Url: http://files.videomobileconverter.com/vmcplayer.exe VMCPlayer.exe MD5: 8a98ffbb404731f8f5ffbf3eaf30a327 VMCPlayer can be DoS'ed in two or probably more ways...
Вышел PHP 5.3.4
ChangeLog Выпуск новой версии не был бы настолько примечателен, если бы не следующая строчка в ченджлоге: Цитата: Paths with NULL in them foo\0bar.txt are now considered as invalid. Rasmus --- Видимо усечение пути нулл-байтом теперь останется в прошлом. Решение проблемы на примере функции file: S...
File inputs can disclose the path to selected files – Opera Security Advisories
File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...
Ubuntu: Security Advisory (USN-953-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : fastjar vulnerability (USN-953-1)
Dan Rosenberg discovered that fastjar incorrectly handled file paths containing '..' when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security ha...
USN-953-1: fastjar vulnerability
Dan Rosenberg discovered that fastjar incorrectly handled file paths containing ".." when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges...
Phreebooks 2.0 - Local File Inclusion
Advisory Name: Local File Inclusion in Phreebooks v2.0 Internal Cybsec Advisory Id: Vulnerability Class: Local File Inclusion Release Date: 2010-05-26 Affected Applications: Phreebooks v2.0 Affected Platforms: Any running Phreebooks v2.0 Local / Remote: Remote Severity: Medium – CVSS: 5...
SAP BusinessObjects 'HappyAxis2.jsp' Information Disclosure
The SAP BusinessObjects installation on the remote web server is leaking information via '/BusinessProcessBI/axis2-web/HappyAxis.jsp'. This page contains debugging information such as local file paths, operating system version, and Java version. A remote attacker could use this information to mou...
Ubuntu: Security Advisory (USN-723-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-723-1: Git vulnerabilities
It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2008-3546 It was discovered that t...
Firefox javascript arbitrary code execution
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...