301 matches found
CVE-2008-4910
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method...
CVE-2008-4910
CVE-2008-4910 affects Sun Java Web Start (BasicService). The vulnerability allows a remote attacker to execute arbitrary programs on a client machine by passing a file:// URL argument to the showDocument method. Impact is described as remote code execution with full confidentiality/integrity/avai...
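Apple Mac OS X Java Plug-in 'file://' URL Handling Remote Code Execution Vulnerability
BUGTRAQ ID: 31380 CVE ID: CVE-2008-3638 CNCVE ID: CNCVE-20083638 Apple Mac OS X is a commercial operating system. Apple Mac OS X does not correctly handle specially crafted Java applets, and a remote attacker can exploit the vulnerability to execute arbitrary executable programs in the context of the application. The Java plug-in does not prevent launching via file:// URLs; by building a malicious Java applet and enticing a user to load it, a 'file://' URL can load arbitrary files on the target system, leading to arbitrary code execution. Apple Mac OS X Server 10.5.5 Apple Mac OS X Server...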
Design/Logic Flaw
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs...
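Apple QuickTime Player 7.5 Fixes Multiple Security Vulnerabilities
BUGTRAQ ID: 29619 CVECAN ID: CVE-2008-1581,CVE-2008-1582,CVE-2008-1583,CVE-2008-1584,CVE-2008-1585 Apple QuickTime is a very popular multimedia player. QuickTime versions before 7.5 contain multiple security vulnerabilities that allow users to obtain sensitive information or fully compromise the user's system via malformed media files. CVE-2008-1581 QuickTime has a heap overflow vulnerability when processing the PixData structure in PICT images; if a user is tricked into opening a malicious PICT image, the player can terminate or execute arbitrary instructions. CVE-2008-1582...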
CVE-2008-0039
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL...
Code injection
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL...
Multiple Security Vulnerabilities in Apple Mac OS X Versions Prior to v10.4.11
BUGTRAQ ID: 26444 CVECAN ID:...
CVE-2006-3351
Buffer overflow in Windows Explorer explorer.exe on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers...
CVE-2006-1942
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...
CVE-2005-4590
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe fi...
CVE-2005-2455
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue...
CVE-2002-1770
Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer...
security flaw
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function...
PHP+cURL local file access protection bypass
It's possible to address any local file by file:// URL...
GLSA-200408-05 : Opera: Multiple new vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200408-05 Opera: Multiple new vulnerabilities Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the 'location' browser object. An attacker can overwrite methods in this object a...