Mail.ru: Stealing Arbitrary Private Files of MyMail App
It was possible for a local malware application to steal sensitive local files of the MyMail / Mail.Ru Mail application due to specifics of file:// scheme URI handling in SharingActivity...
Samsung Email Arbitrary File Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2016-5266
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site...
Reading sensitive profile files through local HTML file on Android — Mozilla
Security researcher Jordi Chancel reported an issue in Firefox for Android where a locally saved HTML file could use file: URIs to trigger the download of additional files or opening of cached profile data without user awareness...
CVE-2007-5896
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with JavaScript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in the file URI scheme of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit the vulnerability by viewing application URL...
Information disclosure
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281...
CVE-2014-0233
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...
Design/Logic Flaw
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...
PT-2014-3550 · Red Hat · Openshift Origin +1
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise versions 2.0 through 2.1; OpenShift Origin (affected versions not specified). Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is...
Macromedia Flash Player 6.0.x Flash Cookie Predictable File Location Weakness
No description provided by source. Source: http://www.securityfocus.com/bid/8900/info Macromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable...
OpenShift: downloadable cartridge source url file command execution as root
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...
Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities (Windows)
This host is installed with Pidgin and is prone to denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbpidginlibpurpleprotocolpluginsdosvulnwin.nasl 7024 2017-08-30 11:51:43Z teissa $ Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities (Windows) Authors: Rachana...
Pidgin < 2.10.0 Multiple Vulnerabilities
The version of Pidgin installed on the remote host is earlier than 2.10.0. As such, it is potentially affected by the following issues: - A code execution vulnerability caused by clicking on a file:// URI received in an IM that Pidgin will attempt to execute. This can result in the execution of...
CVE-2009-4321
Zen Cart CVE-2009-4321 affects extras/curltest.php in Zen Cart 1.3.8/1.3.8a (and possibly other versions), allowing remote attackers to read arbitrary local files via a file:// URI. The root cause cited is insufficient sanitization of user-supplied data, enabling information disclosure through th...
RedHat Update for firefox RHSA-2008:0978-01
Check for the Version of firefox. OpenVAS Vulnerability Test: RedHat Update for firefox RHSA-2008:0978-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Opera file URI buffer overflow
Added: 01/13/2009. CVE: CVE-2008-5178. BID: 32323. OSVDB: 49882. Background: Opera is a web browser which is available for multiple platforms. Problem: A buffer overflow vulnerability allows command execution when a user opens a long, specially crafted file:// URI. Resolution: Upgrade to Opera 9.63 or...
Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)
The host is installed with Opera Web Browser and is prone to a buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gboperafileheapbofvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows) Authors: Chandan S Copyright: Copyrigh...
Opera Web Browser Heap Based Buffer Overflow Vulnerability - Windows
Opera Web Browser is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...