215 matches found
Xxe
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...
Brave Software: Navigation to restricted origins via "Open in new tab"
Summary: It's possible to open links pointing to file:/// origin from web pages using "Open link in a new tab" in context menu. https://hackerone.com/bugs?reportid=369185 shows unsafe ssh:// protocol handling, which leads to information leak using sshOS username and etc.. The vulnerability is...
CVE-2018-5181
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with...
Open redirect
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with...
CVE-2018-5181
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with...
CVE-2018-5181
CVE-2018-5181 affects Firefox versions prior to 60. Dragging a URL with the file: protocol onto an open tab running in a different child process can cause the tab to display the local file, contrary to policy. A mitigation mentioned in the description is to open the target tab with the noopener k...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2018-11923)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 60. The vulnerability can be exploited by a remote attacker by dragging and dropping a URL that uses the file: protocol to...
XML External Entity (XXE)
Apache Solr is vulnerable to XML enternal entity XXE injection. The attack is possible because Solr config files are accessible through API if Xinclude is enabled. Using file/ftp/http protocols, arbitrary files from the Solr server can be exposed...
UBUNTU-CVE-2018-10583
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt...
chromium-browser: Incorrect handling of plaintext files via file://
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...
Xxe
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...
Selenium Server 未授权访问漏洞
1.开篇 不知道大家在平日工作中有没有遇到过一些端口,使用浏览器打开是下面这样子的: 上图中我找了几个在不同端口下的例子。 2.Selenium-开源的自动化测试利器 本篇主要的主角-Selenium究竟是什么呢?有过QA经验或安全自动化测试经验的朋友应该知道,以下文字来自百度百科:Selenium1 是一个用于Web应用程序测试的工具。Selenium测试直接运行在浏览器中,就像真正的用户在操作一样。支持的浏览器包括IE(7, 8, 9, 10, 11),Mozilla Firefox,Safari,Google Chrome,Opera等。支持自动录制动作和自动生成...
DEBIAN-CVE-2017-16541
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected...
DEBIAN-CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server to attack another...
Brave Software: Download attribute allows downloading local files
Summary: The attribute download in a a tag allows for download the href target to file and saving it locally. In mozilla and chrome, it is forbidden to download local file via file:// .., in Brave however this is not enforced and it is not clear to the user if they are downloading something remot...
CVE-2017-9502
In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with sev...
Airmail 3.0.2 - Cross-Site Scripting
Airmail 3.0.2 - Cross-Site Scripting Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X...
UBUNTU-CVE-2016-1671
Google Chrome before 50.0.2661.102 on Android mishandles / slash and \ backslash characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filenameutil.cc...
IBM Spectrum Scale LDAP Password Disclosure Vulnerability
IBM Spectrum Scale is a scalable data and file management solution based on IBM GPFS. When IBM Spectrum Scale deploys the File protocol using LDAP, a local attacker can exploit this vulnerability to obtain the LDAP password...