Lucene search

625 matches found

SUSE CVE
added 2023/02/15 3:38 a.m. · 3 views

SUSE CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVSS 7.5 · AI score 9 · EPSS 0.01586
Exploits 0 · References 11
Packet Storm
added 2023/02/10 12:0 a.m. · 294 views

WEBY 1.2.5 Cross Site Request Forgery

Title: WEBY v.1.2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.0.132-bit | Vendor :...

AI score 0.8
Exploits 0
Positive Technologies
added 2023/02/02 12:0 a.m. · 6 views

PT-2023-19308 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 10.5.16 Description: The upload functionality for updating user profiles does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature e.g...

CVSS 8.2 · AI score 6.1 · EPSS 0.00476
Exploits 0 · References 10
OSV
added 2023/01/18 9:15 p.m. · 3 views

CVE-2022-45928

A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...

CVSS 8.8 · AI score 6 · EPSS 0.01743
Exploits 3 · References 3
Positive Technologies
added 2023/01/18 12:0 a.m. · 5 views

PT-2023-14801 · Opentext · Opentext Content Suite Platform

Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: A remote OScript execution issue was discovered, allowing an attacker to execute OScript code by passing the htmlFile parameter through multiple endpoints. The Content Server...

CVSS 8.8 · AI score 7.3 · EPSS 0.01743
Exploits 3 · References 9
Veracode
added 2023/01/17 6:58 p.m. · 24 views

Out-of-Bounds Write

w3m is vulnerable to out-of-bounds writes. checkType located in etc.c could be triggered by sending a crafted HTML file to the w3m binary, which allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVSS 7.8 · AI score 7.6 · EPSS 0.00441
Exploits 1 · References 10 · Affected Software 3
Tenable Nessus
added 2023/01/09 12:0 a.m. · 31 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : w3m vulnerability (USN-5796-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5796-1 advisory. It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting...

CVSS 7.8 · AI score 7.7 · EPSS 0.00441
Exploits 1 · References 2
CNNVD
added 2023/01/07 12:0 a.m. · 6 views

memos cross-site scripting vulnerability

memos is an open source hosted memos center with knowledge management and social features. Versions of memos prior to 0.10.0 suffer from a cross-site scripting vulnerability that stems from the fact that its resource upload feature does not restrict the type of file that can be uploaded leading t...

CVSS 7.6 · AI score 6.2 · EPSS 0.00575
Exploits 1 · References 3
The Hacker News
added 2023/01/05 2:55 p.m. · 47 views

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...

AI score 0.2
Exploits 0
Tenable Nessus
added 2023/01/04 12:0 a.m. · 38 views

Amazon Linux 2022 : clamav (ALAS2022-2022-229)

The version of clamav installed on the remote host is prior to 0.103.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-229 advisory. - A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4...

CVSS 8.6 · AI score 6.5 · EPSS 0.0622
Exploits 1 · References 11
NVD
added 2022/12/24 10:15 p.m. · 11 views

CVE-2022-47933

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequestIPFSRedirectWork in ipfsredirectnetworkdelegatehelper.cc...

CVSS 6.5 · EPSS 0.00817
Exploits 1 · References 5
NVD
added 2022/12/24 10:15 p.m. · 14 views

CVE-2022-47934

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934...

CVSS 6.5 · EPSS 0.01032
Exploits 1 · References 5
NVD
added 2022/12/24 10:15 p.m. · 12 views

CVE-2022-47932

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933...

CVSS 6.5 · EPSS 0.01047
Exploits 1 · References 4
OSV
added 2022/12/24 10:15 p.m. · 13 views

CVE-2022-47934

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934...

CVSS 6.5 · AI score 6.4
Exploits 0 · References 5
OSV
added 2022/12/24 10:15 p.m. · 11 views

CVE-2022-47932

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933...

CVSS 6.5 · AI score 6.3
Exploits 0 · References 4
Prion
added 2022/12/24 10:15 p.m. · 14 views

Design/Logic Flaw

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequestIPFSRedirectWork in ipfsredirectnetworkdelegatehelper.cc...

CVSS 4.3 · AI score 6.1 · EPSS 0.00817
Exploits 1 · References 5 · Affected Software 1
Huntr
added 2022/12/24 10:56 a.m. · 20 views

Stored XSS in resource file uploading

Description The Resources upload feature does not restrict the type of uploaded file. An attacker can upload an html file and the browser still renders it. The CSP is set to default-src 'self' to prevent inline script execution. However, this can be easily bypassed by uploading a .js file then...

CVSS 4.9 · AI score 5.7 · EPSS 0.00575
Exploits 1
Huntr
added 2022/12/24 8:32 a.m. · 122 views

Stored XSS via XML File

Description: When a user uploads a file with an .xml extension and accesses this file directly, the server responds with Content-type: image/svg+xml, which leads to the XML being processed as an HTML file. POC: POST /flatpress-master/admin.php?p=uploader&action=default HTTP/1.1 Host: localhost Content-Length: 639 Origin:...

AI score 9.4
Exploits 0 · References 2
CNNVD
added 2022/12/24 12:0 a.m. · 2 views

Brave security vulnerability

Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in versions prior to Brave Browser 1.43.34 that originated from a vulnerability that allows remote attackers to cause a denial of service via a crafted HTML file...

CVSS 6.5 · AI score 6.5 · EPSS 0.01047
Exploits 1 · References 5
Positive Technologies
added 2022/12/24 12:0 a.m. · 4 views

PT-2022-7098 · Brave · Brave Browser

Name of the Vulnerable Software and Affected Versions: Brave Browser affected versions not specified Description: The issue is related to incorrect memory cleanup or deallocation in the Brave Browser, which can be exploited by a remote attacker using a specially crafted html file to cause a denia...

CVSS 7.8 · AI score 6.3 · EPSS 0.01032
Exploits 1 · References 9