45 matches found
VulnCheck KEV: CVE-2017-11511
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...
CVE-2024-39904
VNote (note‑taking platform) before version 3.18.1 is affected by a code execution vulnerability that can be triggered via crafted notes containing local file references (for example, file:///C:/WINDOWS/system32/cmd.exe or calc.exe). The underlying issue is a local file path handling/URI embeddin...
The vulnerability of the 3D Builder software for designing and preparing objects for 3D printing lies in the possibility of an operation exceeding the buffer boundaries in memory, allowing a hacker to execute arbitrary code.
The vulnerability of the 3D Builder software for designing and preparing objects for 3D printing is related to the execution of operations beyond the buffer boundaries in memory when processing PLY format files. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading...
SUSE CVE-2008-4910
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method...
Cross site scripting
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $filelink in class/KippoInput.class.php...
kippo-graph 跨站脚本漏洞
kippo-graph is a full-featured script by the individual developer Ioannis Koniaris. It is used to visualize statistics for Kippo-based SSH honeypots. A security vulnerability exists in kippo-graph versions prior to 1.5.1, which stems from a cross-site scripting vulnerability in $filelink in...
Nystudio107 Seomatic 跨站脚本漏洞
Nystudio107 Seomatic is a comprehensive, powerful and flexible turnkey SEO system in the USA. Facilitates modern SEO best practices and implementation of Craft CMS 3. A security vulnerability exists in Nystudio107 Seomatic version 3.4.10, which can be exploited by a remote attacker to inject...
Proofpoint Phish Harvests Microsoft O365, Google Logins
Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims’ Microsoft Office 365 and Google email credentials. According to researchers at Armorblox, they spotted one such campaign lobbed at an unnamed global communications company, with nearly a thousan...
CVE-2011-1136
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file...
PT-2019-15171 · Pdf Xchange · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor versions prior to 8.0.330.0 Description: The issue allows for NTLM SSO hash theft using crafted FDF or XFDF files. This can occur when a link to a file, such as '192.168.0.2C$file.pdf', is accessed without user interaction,...
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModul...
DEBIAN-CVE-2018-10583
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt...
Cross site scripting
Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
CVE-2012-4377
Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
UBUNTU-CVE-2012-4377
Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
CVE-2012-4377
Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
CVE-2012-4377
Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
CVE-2017-2426
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file...
Cybozu KUNAI for Android vulnerable in the WebView class
Overview Cybozu KUNAI for Android contains a vulnerability in the WebView class. Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:/...
WordPress PICA Photo Gallery 1.0 File Disclosure
Description : Wordpress Plugins - PICA Photo Gallery Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/pica-photo-gallery/ Plugins : http://downloads.wordpress.org/plugin/pica-photo-gallery.zip Date : 30-05-2012 Google Dork :...