92 matches found
The vulnerability of the app.support.baseURL configuration in the Mozilla Firefox browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the app.support.baseURL configuration in the Mozilla Firefox browser lies in the lack of content sanitization in the URL string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Oracle Linux 7 : curl (ELSA-2019-1880)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1880 advisory. - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison...
Scientific Linux Security Update : curl on SL7.x x86_64 (20190729)
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: - curl: NTLM password overflow via integer overflow (CVE-2018-14618). For more details about the security issues, including t...
curl, libcurl security update
CentOS Errata and Security Advisory CESA-2019:1880. An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Low: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2018-5133
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...
CVE-2018-5133
CVE-2018-5133 affects Firefox before 59, where a malicious local program can set the app.support.baseURL preference to HTML/script, which is not sanitized and can execute when loading chrome://browser/content/preferences/in-content/preferences.xul or when an EME CDM-disabled notification is shown...
modeshutters.com.au XSS vulnerability
Vulnerable URL: http://modeshutters.com.au/svcore/full.html?bg="=http://modeshutters.com.au/gallery3/gallery.xml=http://modeshutters.com.au/gallery3/=http://modeshutters.com.au/gallery3/images/=http://modeshutters.com.au/gallery3/thumbs/=true=true=false=true=true=true=fff=fff=true=-1=Awnings...
Adobe Flash Player 8.0.34.0/9.0.x main.swf baseurl Parameter asfunction: Protocol Handler XSS
No description provided by source. source: http://www.securityfocus.com/bid/26949/info Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code i...
Design/Logic Flaw
Insecure method vulnerability in the Web Scan Object ActiveX control OL2005.dll in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are...
CVE-2008-1116
Insecure method vulnerability in the Web Scan Object ActiveX control OL2005.dll in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are...
TYPO3 Security Bulletin
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doccoretsref/quotCONFIGquot/) to a numeric value "1" could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration. Component...