537 matches found
CVE-2023-26448
Open-Xchange AppSuite is affected by CVE-2023-26448 due to unsafe handling of customized login/logout locations defined as jslob, which were not validated for malicious protocol handlers. The underlying issue allows malicious script code to execute in the victim’s context, potentially enabling se...
Beyond File Search: A Novel Method
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...
CVE-2023-35174 Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is...
Livebook operating system command injection vulnerability
Livebook is a web application for writing interactive and collaborative code notebooks. Livebook suffers from an operating system command injection vulnerability that originates from allowing an attacker to execute arbitrary commands using Desktop's protocol handler. Affected products and version...
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
On Windows, it is possible to open a livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from...
Ubiquiti EdgeRouter command injection vulnerability
Ubiquiti EdgeRouter is a router from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, which stems from the presence of an unknown function in the component OSPF Handler, which leads to command injection via the parameter areaa...
Exploit for CVE-2022-44666
Microsoft Windows Contacts VCF/Contact/LDAP syslink control...
SUSE CVE-2010-0191
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."...
SUSE CVE-2010-3625
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."...
SUSE CVE-2016-1937
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...
SUSE CVE-2018-6043
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...
SUSE CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
SUSE CVE-2020-15680
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This...
Improper Neutralization
Overview: Affected versions of this package are vulnerable to Improper Neutralization in the self.metaset function of the component Meta Protocol Handler. PoC (Ruby): require 'dalli'; $mcmeta = Dalli::Client.new('localhost:11211', protocol: :meta); $mcmeta.set('xhzeem','meta'); $mcmeta.get("xhzeem")...
Unsanitized input leading to code injection in Dalli
A vulnerability was found in Dalli. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is...
GHSA-3XG8-CC8F-9WV2 Unsanitized input leading to code injection in Dalli
A vulnerability was found in Dalli. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is...
CVE-2022-4064
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...
CVE-2022-4064
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...
UBUNTU-CVE-2022-4064
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...
Design/Logic Flaw
A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and ma...