Mozilla Focus security vulnerability
Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. Mozilla Focus for iOS has a spoofing vulnerability caused by the file scheme being hidden from the displayed URL. An attacker can exploit this vulnerability to spoof the address in the location bar...
PT-2024-4554 · Unknown · Focus For Ios
Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 126 Description: The issue is related to the file scheme of URLs being hidden, potentially allowing spoofing of a website's address in the location bar. This could enable a remote attacker to conduct spoofing...
Mlflow security vulnerability
Mlflow is an open source platform for the machine learning lifecycle. A security vulnerability exists in Mlflow that stems from the is_local_uri function failing to handle URIs with an empty or file scheme, so that such URIs are incorrectly categorized as non-local, which can be...
PT-2024-26681 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: The issue arises from the is_local_uri function's failure to properly handle URIs with an empty or 'file' scheme, leading to the misclassification of these URIs as non-local. Attackers can...
Rocky Linux 8 : python27:2.7 (RLSA-2019:3335)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3335 advisory. - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The...
CVE-2023-24515
Server-Side Request Forgery (SSRF) vulnerability in the API checker of Pandora FMS. The application does not check the URL scheme used when retrieving the API URL. Rather than validating for the http/https schemes, the application allows other schemes such as file, which could allow a malicious user to...
SUSE CVE-2008-2803
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attacker...
SUSE CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('localfile:///etc/passwd') call...
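Several entries on this page (the Mlflow is_local_uri misclassification, the Pandora FMS API checker accepting file rather than validating for http/https, and the urllib localfile: alias that slips past a file: blocklist) are two instances of the same mistake: deciding whether a URI is local from an incomplete list of schemes, and blocklisting file: instead of allowlisting the remote schemes a fetcher actually needs. The Python below is an added example, not code from any of the listed projects; the function names, the constructed sample URIs and the one-letter Windows drive handling are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Schemes a server-side fetcher (an "API checker", a screenshot tool,
# an attachment loader) should ever be allowed to follow.
ALLOWED_REMOTE_SCHEMES = frozenset({"http", "https"})


def is_local_uri(uri: str) -> bool:
    """Classify a URI as local storage (True) or remote (False).

    The failure mode in the Mlflow entry: an empty scheme ("/tmp/mlruns") or a
    file scheme is treated as remote and handed to a code path that never
    expected a local path. Here both are explicitly local. A one-letter scheme
    is read as a Windows drive letter ("C:\\mlruns"), which urlsplit would
    otherwise report as scheme "c" (assumption made for this example).
    """
    scheme = urlsplit(uri).scheme
    if scheme in ("", "file"):
        return True
    return len(scheme) == 1


def weak_blocklist_rejects(uri: str) -> bool:
    """The anti-pattern: reject only URIs that literally start with 'file://'.

    Kept as the 'before' version. It is defeated by an upper-case scheme, by
    the one-slash form 'file:/path', and by any alias the fetching library
    accepts for local files (Python 2 urllib's 'localfile:', CVE-2019-9948).
    """
    return uri.startswith("file://")


def is_fetchable(uri: str) -> bool:
    """The hardened check: allowlist the scheme, then require a host.

    urlsplit lowercases the scheme, so 'FILE:' normalises to 'file' and falls
    outside the allowlist; an unknown alias such as 'localfile' fails for the
    same reason. 'http:///etc/passwd' parses with an empty netloc, so the host
    requirement rejects it as well.
    """
    parts = urlsplit(uri.strip())
    if parts.scheme not in ALLOWED_REMOTE_SCHEMES:
        return False
    return bool(parts.hostname)


def blocklist_gaps(uris):
    """URIs the weak check lets through but the allowlist rejects."""
    return [u for u in uris if not weak_blocklist_rejects(u) and not is_fetchable(u)]


# Constructed sample inputs (assumed, not taken from any of the advisories).
SAMPLE_URIS = [
    "https://api.example.com/status",  # legitimate
    "http://[::1]:8080/",              # valid syntax; SSRF to loopback is a separate control
    "file:///etc/passwd",              # caught by both checks
    "FILE:///etc/passwd",              # upper-case scheme slips past the prefix check
    "file:/etc/passwd",                # one-slash form slips past 'file://'
    "localfile:///etc/passwd",         # Python 2 urllib alias for file:
    "http:///etc/passwd",              # allowed scheme but no host
]

if __name__ == "__main__":
    for u in SAMPLE_URIS:
        print(f"{u:32} local={is_local_uri(u)!s:5} "
              f"weak_rejects={weak_blocklist_rejects(u)!s:5} fetchable={is_fetchable(u)}")
    print("weak blocklist misses:", blocklist_gaps(SAMPLE_URIS))
```

The scheme allowlist is only the first gate: a fetcher that passes it still needs host-level controls (resolving the name and refusing loopback, link-local and private ranges) before an http://[::1]/ style URL is safe to follow, which is the other half of the Pandora FMS and gowitness entries.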
PT-2023-14636 · Perfsonar · Perfsonar
Name of the Vulnerable Software and Affected Versions: perfSONAR versions prior to 4.4.6 Description: The affected versions inadvertently support the parse option for a file:// URL. Recommendations: For versions prior to 4.4.6, update to version 4.4.6 or later to resolve the issue...
CVE-2022-20205
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Version...
PUB-A-215212561
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-22701
PartKeepr versions up to v1.4.0 load attachments from a URL when creating a part and accept the 'file://' URI scheme, which allows an authenticated user to read local files...
PT-2022-15642 · Partkeepr · Partkeepr
Name of the Vulnerable Software and Affected Versions: PartKeepr versions up to v1.4.0 Description: The issue allows an authenticated user to read local files by utilizing the 'file://' URI scheme when loading attachments using a URL while creating a part. Recommendations: For versions up to...
CVE-2021-33359
A vulnerability exists in gowitness 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file...
sensepost gowitness authorization issue vulnerability
gowitness is a website screenshot utility written in Go. An authorization vulnerability exists in sensepost gowitness that stems from a lack of authentication in gowitness. Exploiting this vulnerability allows an unauthenticated attacker to perform arbitrary file...
Safari Bug Revealed After Apple Takes Nearly a Year to Patch
A security researcher disclosed details of an Apple Safari web browser security hole that could leak files with other browsers and applications and open the door to exploitation by attackers. The disclosure came only after Apple said it would delay patching the vulnerability for nearly a year. Fo...
Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance
Summary Multiple vulnerabilities in the python libraries used by the IBM Security Access Manager appliance. Vulnerability Details CVEID: CVE-2019-9948 DESCRIPTION: urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection...