CVE-2012-0735

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI...

Ubuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1)

Giampaolo Rodola discovered that the smtpd module in Python 3 did not properly handle certain error conditions. A remote attacker could exploit this to cause a denial of service via daemon outage. This issue only affected Ubuntu 10.04 LTS. CVE-2010-3493 Niels Heinen discovered that the urllib...

Apple Safari file:// URL远程代码执行漏洞

CVE ID: CVE-2011-3230 Safari是苹果计算机的最新作业系统Mac OS X中的浏览器，使用了KDE的KHTML作为浏览器的运算核心。 Safari在处理file:// URL时存在策略问题，浏览恶意网站可导致任意代码执行。此漏洞不影响Windows系统。 Apple Mac OS X 10.6.8 Apple Mac OS X Server v10.6.8 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://support.apple.com/...

CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site...

Pidgin code execution

It's possible to execute code via file:// URL...

Code injection

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message...

CVE-2011-3185

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message...

CVE-2011-3185

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message...

Microsoft Internet Explorer Cookie Hijacking Vulnerability

The host is installed with Internet Explorer and is prone to cookie hijacking vulnerability. OpenVAS Vulnerability Test $Id: gbmsiecookiehijackingvuln.nasl 6526 2017-07-05 05:43:52Z cfischer $ Microsoft Internet Explorer Cookie Hijacking Vulnerability Authors: Sooraj KS Copyright: Copyright c 201...

Microsoft Internet Explorer Cookie Hijacking Vulnerability

Internet Explorer is prone to cookie hijacking vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Python Multiple Vulnerabilities (Windows)

This host is installed with Python and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbpythonmultvulnwin.nasl 8160 2017-12-18 15:33:57Z cfischer $ Python Multiple Vulnerabilities Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks GmbH,...

Cross site scripting

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrat...

Information disclosure

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrat...

SuSE 10 Security Update : python (ZYPP Patch Number 7509)

This update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib2. CVE-2011-1521: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text descripti...

openSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2011:0484-1)

This update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib2. CVE-2011-1521: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary 1 XSL and 2 XML files via a file:/// URL...

CVE-2011-1503

The CVE-2011-1503 issue affects Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA. The XSL Content portlet allows remote authenticated users to read arbitrary XSL and XML files via a file:/// URL, indicating an information disclosure vulnerability within the portlet when deploye...

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary 1 XSL and 2 XML files via a file:/// URL...

urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service resource consumption via a crafted URL, as...

Moderate: Red Hat Security Advisory: python security update

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...