27 matches found
EUVD-2014-1606
Malware in sbrugna...
Path Traversal
typo3/cms-core is vulnerable to Path Traversal. The vulnerability arises due to a lack of file path sanitization in the baseuri field within the /typo3/record/edit endpoint, allowing an attacker with administrator privileges to arbitrary view files from the filesystem...
Directory traversal
In TYPO3 11.5.24, the filelist component allows attackers who have access to the administrator panel to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in datasysfilestoragedatasDEFlDEFbasePathvDEF...
PT-2023-22698 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 version 11.5.24 Description: The filelist component in TYPO3 allows attackers with access to the administrator panel to read arbitrary files via directory traversal in the baseuri field. This can be demonstrated by sending a POST reques...
TYPO3 Path Traversal Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A path traversal vulnerability exists in TYPO3 version 11.5.24. An attacker could use this vulnerability to read arbitrary files via the Baseuri field using directory traversal...
SUSE CVE-2014-1530
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...
SUSE CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
DEBIAN-CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
Security feature bypass
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
CVE-2018-5168
CVE-2018-5168 is a vulnerability in Thunderbird and Firefox where an attacker can bypass permission checks by manipulating the baseURI of the theme element, enabling a user interaction-free installation of a theme that could contain offensive images. Affected products and versions per the records...
CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
Mozilla: Lightweight themes can be installed without user interaction
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
Mozilla: Lightweight themes can be installed without user interaction
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
Mozilla: Lightweight themes can be installed without user interaction
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
Mozilla: Lightweight themes can be installed without user interaction
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
Mozilla Firefox Lightweight Themes Installation Vulnerability
Mozilla Firefox browser Firefox is a free and open source browser for Windows, Linux and MacOSX platforms. A lightweight theme installation vulnerability exists in Mozilla Firefox. An attacker can exploit this vulnerability by manipulating the baseURI attribute of a theme element to install a the...
UBUNTU-CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...