270 matches found

BDU FSTEC
added 2025/06/18 12:0 a.m., 6 views

The vulnerability in the JavaScript URI Handler component of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird allows a hacker to escalate their privileges.

The vulnerability of the JavaScript URI Handler component in Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird relates to reading data beyond the memory boundaries. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

9.4 CVSS, 7.6 AI score, 0.00379 EPSS
Exploits 0, References 19, Affected Software 8

RedhatCVE
added 2025/05/22 4:19 p.m., 6 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

9.3 CVSS, 7.4 AI score, 0.15041 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 10:5 a.m., 10 views

CVE-2019-13475

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute...

8.8 CVSS, 8 AI score, 0.0411 EPSS
Exploits 3, References 1

RedhatCVE
added 2025/05/22 5:3 a.m., 8 views

CVE-2019-25087

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...

7.5 CVSS, 7 AI score, 0.00843 EPSS
Exploits 0, References 1

Packet Storm
added 2024/08/31 12:0 a.m., 182 views

TeamViewer Unquoted URI Handler SMB Redirect

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TeamViewer Unquoted URI Handler SMB Redirect', 'Description' = %q This module exploits an unquoted parameter call within the Teamviewer URI handl...

8.8 CVSS, 7.1 AI score, 0.25895 EPSS
Exploits 2

Tenable Nessus
added 2024/03/15 12:0 a.m., 29 views

Mobatek MobaXterm 11.1 (CVE-2019-13475)

The version of Mobatek MobaXterm installed on the remote host is 11.1. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13475 advisory. - In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute...

8.8 CVSS, 7.5 AI score, 0.0411 EPSS
Exploits 3, References 3

Penetration Testing Lab
added 2024/01/02 7:8 a.m., 25 views

Initial Access – search-ms URI Handler

Microsoft search protocol enables clients to initiate connections against an enterprise search service such as SharePoint or WebDav. During these search connections the protocol server…

7.2 AI score
Exploits 0

Penetration Testing Lab
added 2024/01/02 7:8 a.m., 18 views

Initial Access – search-ms URI Handler

Microsoft search protocol enables clients to initiate connections against an enterprise search service such as SharePoint or WebDav. During these search connections the protocol server…

7.2 AI score
Exploits 0

SUSE CVE
added 2023/02/15 4:14 a.m., 3 views

SUSE CVE-2019-9794

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the...

5 CVSS, 8.6 AI score, 0.01774 EPSS
Exploits 0, References 11

OSV
added 2022/12/27 9:15 a.m., 15 views

CVE-2019-25087

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...

7.5 CVSS, 7 AI score
Exploits 0, References 3

Prion
added 2022/12/27 9:15 a.m., 22 views

Path traversal

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...

5 CVSS, 7.6 AI score, 0.00843 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2021/12/14 6:15 p.m., 13 views

CVE-2021-44042

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed when the injected content...

9.8 CVSS, 0.01083 EPSS
Exploits 0, References 2

OSV
added 2021/12/14 6:15 p.m., 3 views

CVE-2021-44042

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed when the injected content...

9.8 CVSS, 5.9 AI score, 0.01083 EPSS
Exploits 0, References 2

OSV
added 2021/12/14 6:15 p.m., 4 views

CVE-2021-44041

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...

9.8 CVSS, 5.9 AI score, 0.01747 EPSS
Exploits 0, References 2

Prion
added 2021/12/14 6:15 p.m., 14 views

Code injection

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed when the injected content...

7.5 CVSS, 9.3 AI score, 0.01083 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/12/14 5:49 p.m., 25 views

CVE-2021-44041

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...

9.8 AI score, 0.01747 EPSS
Exploits 0, References 2

CNVD
added 2021/12/10 12:0 a.m., 24 views

Mozilla Firefox ESR input validation error vulnerability

Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to an input validation error in Mozilla Firefox ESR that results from a parameter URL containing spaces that is not properly escaped when invoking a protocol handler for an external protocol. A remote attacker...

6.5 CVSS, 2.2 AI score, 0.00862 EPSS
Exploits 0, References 1

Malwarebytes
added 2021/12/08 2:52 p.m., 37 views

Vulnerability in Windows 10 URI handler leads to remote code execution

Researchers at Positive Security have discovered a drive-by remote code execution (RCE) bug in Windows 10. The vulnerability can be triggered by an argument injection in the Windows 10 default handler for ms-officecmd: URIs. It is likely that this vulnerability also exists in Windows 11. What’s...

7.9 AI score
Exploits 0

NVD
added 2021/09/22 2:15 a.m., 14 views

CVE-2021-38112

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9...

9.3 CVSS, 0.0647 EPSS
Exploits 1, References 2

Cvelist
added 2021/09/22 1:54 a.m., 21 views

CVE-2021-38112

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9...

9.3 AI score, 0.0647 EPSS
Exploits 1, References 2