215 matches found
n.runs-SA-2009.005 - Apple Safari - Information disclosure
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2009.005 23-Jun-2009 Vendor: Apple Inc., http://www.apple.com Affected Products: Safari Browser 3.2.3 all platforms Vulnerability: Information disclosure to Denial of Service Risk: MEDIUM Vendor communication: 2009/06/07 Bug found...
file: resources
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with...
Firefox information disclosure flaw
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...
RedHat Security Advisory RHSA-2009:0341
The remote host is missing updates announced in advisory RHSA-2009:0341. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski...
Debian: Security Advisory (DSA-1738-1)
The remote host is missing an update for the Debian...
Debian DSA-1738-1 : curl - arbitrary file access
David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to...
Apple AFP Client privilege escalation vulnerability
Overview: The Apple File Protocol (AFP) Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker to execute commands with elevated privileges. Description: The Apple File Protocol service allows Apple Mac OS clients to access files remotely...
security flaw
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup...
CVE-2006-3351
Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers...
Information disclosure
Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information...
CVE-2006-1468
Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information...
CVE-2003-0049
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password...
Minor IE System Info Disclosure
I just stumbled across this the other day when I was playing... A remote server can poll a surfer's computer and determine some applications they have installed by trying to load an image with the file:// protocol. If the file is found on disk, the JavaScript onload event fires; if not, the onerror...
DoS against MacOS (Apple File Protocol flood)
A large number of null packets to TCP/548 causes the computer to hang...