119 matches found

UbuntuCve
added 2014/03/19 10:55 a.m., 39 views

CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection...

CVSS 5.8, AI score 6, EPSS 0.00229
Exploits 0, References 2

Prion
added 2014/03/19 10:55 a.m., 24 views

Design/Logic Flaw

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection...

CVSS 5.8, AI score 7.2, EPSS 0.00229
Exploits 0, References 4, Affected Software 5

NVD
added 2012/09/13 8:55 p.m., 15 views

CVE-2012-4903

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906...

CVSS 5, AI score 5.8, EPSS 0.00233
Exploits 1, References 2

UbuntuCve
added 2012/09/13 8:55 p.m., 17 views

CVE-2012-4903

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906...

CVSS 5, AI score 6, EPSS 0.00233
Exploits 1, References 3

UbuntuCve
added 2012/09/13 8:55 p.m., 29 views

CVE-2012-4906

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903...

CVSS 5, AI score 6, EPSS 0.06965
Exploits 1, References 3

Prion
added 2012/09/13 8:55 p.m., 15 views

Design/Logic Flaw

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903...

CVSS 5, AI score 6.1, EPSS 0.06965
Exploits 1, References 2, Affected Software 1

Debian CVE
added 2012/09/13 8:0 p.m., 30 views

CVE-2012-4903

Removed by vendor...

CVSS 5, AI score 6.7, EPSS 0.00233
Exploits 1

Debian CVE
added 2012/09/13 8:0 p.m., 23 views

CVE-2012-4906

Removed by vendor...

CVSS 5, AI score 6.7, EPSS 0.06965
Exploits 1

ThreatPost
added 2012/09/13 7:24 p.m., 16 views

Google Updates Chrome for Android, Fixes Several Vulnerabilities

Google has issued a security update for its Chrome operating system on Android devices, resolving seven medium-risk vulnerabilities and paying out a total of $3,500 in rewards to two researchers. On the Google Chrome Blog, software engineer Jay Civelli wrote that the update strengthens Chrome for...

AI score 0.7
Exploits 0, References 3

NVD
added 2012/07/25 7:55 p.m., 11 views

CVE-2012-3697

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise...

CVSS 7.1, AI score 6.2, EPSS 0.00138
Exploits 1, References 2

Prion
added 2012/07/25 7:55 p.m., 13 views

Design/Logic Flaw

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise...

CVSS 7.1, AI score 6.7, EPSS 0.00138
Exploits 1, References 2, Affected Software 1

Packet Storm
added 2011/10/17 12:0 a.m., 43 views

Apple Safari file:// Arbitrary Code Execution

$Id: safarifilepolicy.rb 13967 2011-10-17 03:49:49Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 6.8, AI score 0.3, EPSS 0.64547
Exploits 8

Metasploit
added 2011/10/16 7:31 p.m., 75 views

Apple Safari file:// Arbitrary Code Execution

This module exploits a vulnerability found in Apple Safari on OS X platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the...

CVSS 6.8, AI score 7.4, EPSS 0.64547
Exploits 8

0day.today
added 2011/10/16 12:0 a.m., 27 views

Apple Safari file:// Arbitrary Code Execution

Exploit for macOS platform in category remote exploits $Id: safarifilepolicy.rb 13967 2011-10-17 03:49:49Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...

AI score 7, EPSS 0.64547
Exploits 8

Cvelist
added 2011/10/14 10:0 a.m., 29 views

CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site...

AI score 7.2, EPSS 0.64547
Exploits 8, References 5

Check Point Advisories
added 2011/10/13 12:0 a.m., 2 views

Apple Safari file URL Arbitrary Code Execution (CVE-2011-3230)

A remote code execution vulnerability has been reported in Apple Safari. The vulnerability is due to an error in Apple Safari while handling file:// URLs. A remote attacker can exploit this vulnerability to execute arbitrary code...

CVSS 6.8, AI score 7.7, EPSS 0.64547
Exploits 8

Prion
added 2011/05/24 11:55 p.m., 22 views

Code injection

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as...

CVSS 6.4, AI score 6.6, EPSS 0.01407
Exploits 0, References 26, Affected Software 1

Debian CVE
added 2009/08/12 7:0 p.m., 17 views

CVE-2009-2200

Removed by vendor...

CVSS 7.1, AI score 6.7, EPSS 0.00417
Exploits 0

NVD
added 2009/06/10 6:0 p.m., 13 views

CVE-2009-1703

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document...

CVSS 7.1, AI score 7.1, EPSS 0.00871
Exploits 2, References 10

Prion
added 2009/06/10 6:0 p.m., 16 views

Design/Logic Flaw

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document...

CVSS 7.1, AI score 6.2, EPSS 0.00871
Exploits 2, References 10, Affected Software 1