215 matches found
Design/Logic Flaw
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors...
CVE-2015-7488
IBM Spectrum Scale (GPFS) is affected by CVE-2015-7488 in versions 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1. Descriptions across IBM security bulletins indicate that a local unprivileged user or a user with network access could obtain the LDAP bind directory password when the File protocol...
Yonyou FE Collaborative Office System ProxyServletUtil file:// Protocol File Read Vulnerability
No description provided by source...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2015-07432)
Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox that allows remote attackers to bypass the same-origin policy and read downloaded or cached profile data using the file: URL in a saved HTML document...
curl security, bug fix, and enhancement update
7.19.7-46 - require credentials to match for NTLM re-use CVE-2015-3143 - close Negotiate connections when done CVE-2015-3148 7.19.7-45 - reject CRLFs in URLs passed to proxy CVE-2014-8150 7.19.7-44 - use only full matches for hosts used as IP address in cookies CVE-2014-3613 - fix handling of...
Moderate: Red Hat Security Advisory: curl security, bug fix, and enhancement update
Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
UBUNTU-CVE-2015-1247
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local...
CVE-2014-9046
The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol...
Android browser cross-domain data theft and Intent Scheme attacks - vulnerability warning - the black bar safety net
We next want to introduce this vulnerability, which affects the built-in browser on Android versions below 4.4 and some other specific Android browsers; it allowed hackers to read the SQLite-format cookie database file, thereby stealing cookies. Along with this problem, we hav...
Server: Potential local file disclosure
ownCloud offers the OC_Util::getUrlContent function to developers. Using this function, applications can download content from remote websites. Due to a newly introduced bug in this functionality, it was following redirects to other protocols such as file://. Thus, an attacker may be able to gain access to...
Profile directory file access through file: protocol — Mozilla
Security researcher Yu Dongsong reported on Firefox for Android that a file: protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. This issue was previously addressed in Mozilla Foundation Security Advisory 2014-33 but not completely...
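Mozilla Firefox for Android 'file' Protocol Information Disclosure Vulnerability
BUGTRAQ ID: 66393 CVE ID: CVE-2014-1515 Mozilla Firefox for Android is a web browser used on mobile devices. When Mozilla Firefox for Android versions before 28.0.1 handle a file: URL, they copy the local file to the SD card, which allows an attacker to exploit this vulnerability through a crafted application and obtain sensitive information from the Firefox profile directory. 0 Mozilla Firefox for Android 28.0.1 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mozilla.org/security/...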
Scientific Linux Security Update : curl on SL3.x, SL4.x, SL5.x i386/x86_64
David Kierznowski discovered a flaw in libcurl where it would not differentiate between different target URLs when handling automatic redirects. This caused libcurl to follow any new URL that it understood, including the 'file://' URL type. This could allow a remote server to force a local...
Android Webkit XSS / Cross Domain Issues
Android Multiple Vulnerabilities Author: www.80vul.com Email:5up3rh3igmail.com Release Date: 2012/2/8 References: http://www.80vul.com/android/android-0days.txt Ph4nt0m Webzine 0x06 has been released http://www.80vul.com/webzine0x06/, there are three papers on the android application security about the...
Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
Internet Explorer is prone to an information disclosure vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.902191. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C ...
Zen Cart extras/curltest.php Information Disclosure
The installed version of Zen Cart includes a test script, 'extras/curltest.php', intended for testing that the curl PHP library is installed and working properly. It fails, though, to restrict access and can be abused to access arbitrary URLs, including local files via the 'file' protocol handler...
CVE-2009-2420
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703...
Design/Logic Flaw
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703...
CVE-2009-2420
Technical details about CVE-2009-2420 are not publicly provided in the supplied documents. No concrete information on affected products, root cause, or remediation is included here; monitor for updates.
CVE-2009-2420
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703...