301 matches found

RedhatCVE
added 2025/05/22 5:11 p.m. · 5 views

CVE-2020-8776

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via the URL property of a file...

CVSS 5.4 · AI score 5.8 · EPSS 0.00981
Exploits: 5 · References: 1
RedhatCVE
added 2025/05/22 9:54 a.m. · 6 views

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL...

CVSS 3.5 · AI score 6.4 · EPSS 0.00657
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 5:39 a.m. · 4 views

CVE-2012-4903

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906...

CVSS 5 · AI score 5.8 · EPSS 0.06965
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 3:54 a.m. · 5 views

CVE-2012-3697

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise...

CVSS 7.1 · AI score 6.7 · EPSS 0.00138
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 2:59 a.m. · 5 views

CVE-2012-4906

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903...

CVSS 5 · AI score 6.2 · EPSS 0.06965
Exploits: 1 · References: 1
RedhatCVE
added 2025/04/25 6:36 p.m. · 10 views

CVE-2025-3529

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...

CVSS 8.2 · AI score 6.5 · EPSS 0.00323
Exploits: 0 · References: 1
Cvelist
added 2025/04/23 7:6 a.m. · 16 views

CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...

CVSS 8.2 · EPSS 0.00323
Exploits: 0 · References: 5
OSV
added 2024/10/30 9:15 p.m. · 1 view

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 1
Github Security Blog
added 2024/10/24 6:16 p.m. · 24 views

Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

Summary The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, if a file:/ URL is directly given where a relative path resource name is...

CVSS 9.1 · AI score 7 · EPSS 0.03032
Exploits: 1 · References: 4 · Affected Software: 1
CNNVD
added 2024/10/24 12:0 a.m. · 2 views

Butterfly Security Vulnerability

Butterfly is a modular web application framework open-sourced by OpenRefine. A security vulnerability exists in Butterfly versions prior to 1.2.6, which stems from improper handling of the file protocol in URLs, and could lead to path traversal, server-side request forgery, and cross-site scripti...

CVSS 9.1 · AI score 8.3 · EPSS 0.03032
Exploits: 1 · References: 2
Positive Technologies
added 2024/10/24 12:0 a.m. · 3 views

PT-2024-8657 · Velocity +2

Name of the Vulnerable Software and Affected Versions: Butterfly framework versions prior to 1.2.6 Description: The Butterfly framework has a weakness related to incorrect restriction of the path name to a directory with limited access. This can be exploited by an attacker with network access to...

CVSS 9.4 · AI score 7.2 · EPSS 0.03032
Exploits: 1 · References: 17
AlpineLinux
added 2024/10/07 8:40 p.m. · 13 views

CVE-2024-43363

Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process completing only step 5 of the installation process is enough, no need to complete the steps before or after it to...

CVSS 7.2 · AI score 7.5 · EPSS 0.75133
Exploits: 2 · References: 2
GithubExploit
added 2023/11/04 11:58 a.m. · 744 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 This repository contains an exploit script and...

CVSS 10 · AI score 9.4 · EPSS 0.94436
Exploits: 30
Packet Storm
added 2023/07/25 12:0 a.m. · 270 views

WordPress KAP Theme 2.0 Directory Traversal

Title: Wordpress KAP-theme v2.0 Directory Traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

AI score 7.1
Exploits: 0
ATTACKERKB
added 2023/06/02 5:15 p.m. · 1 view

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

CVSS 8.8 · AI score 7.2 · EPSS 0.00155
Exploits: 0 · References: 3
OSV
added 2023/06/02 5:15 p.m. · 1 view

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

CVSS 8.8 · AI score 7.4 · EPSS 0.00155
Exploits: 0 · References: 2
NVD
added 2023/06/02 5:15 p.m. · 18 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

CVSS 8.8 · AI score 8 · EPSS 0.00155
Exploits: 0 · References: 2
Vulnrichment
added 2023/06/02 12:0 a.m. · 6 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

AI score 8 · EPSS 0.00155
Exploits: 0 · References: 2
CVE
added 2023/06/02 12:0 a.m. · 146 views

CVE-2023-28161

The CVE-2023-28161 issue affects Mozilla Firefox prior to version 111. When a temporary one-time permission (e.g., Camera) is granted to a document loaded via a file: URL, that permission can persist in the tab for subsequent file: URL documents. This could be risky if local files come from diffe...

CVSS 8.8 · AI score 7.8 · EPSS 0.00155
Exploits: 0 · References: 2 · Affected Software: 1
Debian CVE
added 2023/06/02 12:0 a.m. · 34 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

CVSS 8.8 · AI score 9.2 · EPSS 0.00155
Exploits: 0