CURL-CVE-2017-1000099 FILE buffer read out of bounds

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...

CVE-2017-1000099

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...

CVE-2017-9502

In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with sev...

CURL-CVE-2017-9502 URL file scheme drive letter buffer overflow

When libcurl is given either 1. a file: URL that does not use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcurl would copy the path...

Apple macOS iBooks Sensitive Information Disclosure Vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. iBooks is one of the e-book reading components. A sensitive information disclosure vulnerability exists in the iBooks component of Apple macOS versions prior to 10.12.4. The vulnerability can be exploited by ...

CVE-2017-2426

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file...

chromium-browser: smb relay attack via save page as

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

UBUNTU-CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVE-2016-3321

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure...

CVE-2016-3321

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure...

Information disclosure

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure...

Google Chrome Directory Traversal Vulnerability (CNVD-2016-03258)

Google Chrome on Android is a web browser developed by the American company Google Google for the Android platform. A directory traversal vulnerability exists in versions of Google Chrome prior to 50.0.2661.102 on the Android platform, which stems from the program's failure to properly handle the...

CVE-2016-1671

Google Chrome before 50.0.2661.102 on Android mishandles / slash and \ backslash characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filenameutil.cc...

Code injection

mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185...

Joomla Shape 5 MP3 Player 2.0 Local File Disclosure Exploit

Joomla Shape 5 MP3 Player version 2.0 suffers from a local file disclosure vulnerability. Joomla = Shape 5 MP3 Player 2.0 Local File Disclosure Exploit My + Author : KnocKout Contact : email protected Skype : email protected HomePage : http://h4x0resec.blogspot.com Greetz : b3mb4m, ZoRLu, KedAns-...

CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...

Mac OSX Safari 8.0.5 UXSS vulnerability technical analysis-vulnerability warning-the black bar safety net

Vulnerability description: The vulnerability affects version 6. 2. 6,7. 1. 6,8. 0. 61before the Apple Safari browser, the attacker can be through carefully constructed URLs to bypass the same origin policy any read the file. Vulnerability description: In the Safari browser, similar...

Directory traversal

Directory traversal vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted...