236 matches found
CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
Design/Logic Flaw
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
CVE-2017-5454
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird 52.1,...
CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
CVE-2017-5414
CVE-2017-5414 affects Mozilla Firefox (and Thunderbird) prior to version 52. The file picker dialog can instantiate and display the wrong local default directory, potentially disclosing OS or local account name. Remediation from connected docs: upgrade to Firefox 52.0+ (and Thunderbird 52.0+ as a...
CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
CVE-2017-5454
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird 52.1,...
CVE-2018-6095
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page...
CMS Made Simple Arbitrary File Deletion Vulnerability
CMS Made Simple CMSMS is an open source content management system CMS developed by CMSMS team. The system supports role-based permission management system , wizard-based installation and update mechanism , intelligent caching mechanism , etc. admin dashboard is one of the administration panel . A...
CVE-2017-11405
In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...
Multiple Cross-Site Scripting (XSS)
Moodle is vulnerable to multiple cross-site scripting XSS attacks. The attacks can be triggered because the file picker module does not properly handle filenames from users, allowing the attackers to upload files with filenames containing malicious code...
Schneider Electric U.motion Builder file_picker remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder filepicker. The user-specified upload path is not constrained, so any logged-in user can upload a file to any location in the system that is...
Mozilla: Sandbox escape allowing file system read access through file picker (MFSA 2017-12)
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird 52.1,...
Mozilla: Sandbox escape allowing file system read access through file picker (MFSA 2017-12)
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird 52.1,...
UBUNTU-CVE-2017-5454
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird 52.1,...
[ASA-201703-3] firefox: multiple issues
Arch Linux Security Advisory ASA-201703-3 ========================================= Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410...
CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
UBUNTU-CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2015:1359-1)
The libqt4 library was updated to fix several security and non security issues. The following vulnerabilities were fixed : - bsc921999: CVE-2015-0295: division by zero when processing malformed BMP files - bsc927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format Handling - bsc927807:...