18 matches found
MAL-2026-5648 Malicious code in unified-ui-components-library (npm)
Source: amazon-inspector 78fe6900f4329c8e4c7bb5322f0e30a3f3b90e289c45852fca61c4fd16f43fd8 On npm install, the package's postinstall.js collects os.hostname and os.userInfo.username and embeds them as query-string parameters in a plaintext...
Linux Distros Unpatched Vulnerability : CVE-2018-6152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to...
Cross-site Scripting (XSS)
org.dspace:dspace-server-webapp is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper validation of download behavior for HTML, XML, or JavaScript Bitstreams, allowing embedded JavaScript to execute in the user's browser, which could potentially lead to XSS attacks...
CVE-2024-0551
Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
ICA file not opening automatically instead it is downloading on browser on Double hop scenario
Every time an application is launched, it opens with a browser instead locally installed workspace app even though the native workspace app is the default selection...
SUSE CVE-2018-6152
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted...
SUSE CVE-2018-18344
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension...
Mozilla Firefox ESR < 91.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-11 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts,...
The vulnerability in the implementation of the Page.downloadBehavior backend of the Google Chrome browser allows a hacker to persuade users to install a malicious extension.
The vulnerability of the Page.downloadBehavior implementation in the Google Chrome browser lies in the lack of restrictions on file downloads. Exploiting this vulnerability can allow a malicious actor to persuade a user to install a malicious extension through a specially created HTML page...
The vulnerability of the setDownloadBehavior function in the Google Chrome web browser allows a hacker to gain unauthorized access to files in the local file system.
The vulnerability of the setDownloadBehavior function in the Google Chrome web browser arises from an operation that goes beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to files in the local file system through a specially create...
UBUNTU-CVE-2018-18344
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension...
Google Chrome Security Bypass Vulnerability (CNVD-2019-01773)
Google Chrome is a web browser developed by Google (United States). DevTools is one of its development and debugging tools. A security vulnerability exists in DevTools in versions of Google Chrome prior to 68.0.3440.75, which stems from an implementation of the Page.downloadBehavior...
MS IE 5.0 Download Behavior Vulnerability
No description provided by source. Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 Download Behavior Vulnerability source: http://www.securityfocus.com/bid/674/info The download behavior feature of Microsoft's Internet Explorer 5 may allow a malicious web site operator to...
Internet Explorer DHTML "Download Behavior" can be tricked into exposing local files
Overview: The download behavior of Internet Explorer 5.0 can be used to perform arbitrary operations on local files. Description: Internet Explorer 5.0 includes a dynamic HTML (DHTML) behavior called "download behavior." A "behavior" is a software object that specifies some behavior of a web page...
IE5_download_vuln.txt
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. Microsoft Security Bulletin MS99-040 -------------------------------------- Patch Available for "Download Behavior"...
IE5_vuln.txt
After hearing of some confusion regarding this vulnerability I thought it might be useful to post the description from our SF database to the list. This was written up by Eric Schultze and myself, and we would like to thank Georgi Guninski, Steve Lipner, and David LeBlanc for their help. Thanks...
Microsoft Internet Explorer 5 - Download Behaviour
Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 Download Behavior Vulnerability source: https://www.securityfocus.com/bid/674/info The "download behavior" feature of Microsoft's Internet Explorer 5 may allow a malicious web site operator to read files on an IE5 client...
Microsoft Internet Explorer 5 - Download Behaviour
Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 Download Behavior Vulnerability source: https://www.securityfocus.com/bid/674/info The "download behavior" feature of Microsoft's Internet Explorer 5 may allow a malicious web...