12 matches found

Malwarebytes
added 2026/04/08 2:33 p.m., 4 views

Your extensions leak clues about you, so we made sure Browser Guard doesn’t

Did you know you can be profiled based on the browser extensions you use? Advertisers can detect which extensions are installed and use that to build a picture of the kind of user you are. For instance, do you pride yourself on being a good online shopper who never pays full price? Maybe you use ...

6 AI score
Exploits: 0
CVE
added 2024/10/15 12:0 a.m., 40 views

CVE-2024-48782

CVE-2024-48782: Affected software is DYCMS Open-Source Version v2.0.9.41. The vulnerability is a file-upload flaw where the frontend only checks the file extension, enabling a remote attacker to execute arbitrary code. Impact is high (remote code execution) as described in connected sources. Som...

9.8 CVSS, 8.1 AI score, 0.02001 EPSS
Exploits: 0, References: 1
Prion
added 2019/12/11 7:15 p.m., 15 views

Cross site scripting

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." period characters in a string, which allows remote attackers to conduct cross-site...

4.3 CVSS, 5.9 AI score, 0.00566 EPSS
Exploits: 1, References: 5, Affected Software: 1
Debian CVE
added 2019/12/11 6:30 p.m., 18 views

CVE-2013-4303

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." period characters in a string, which allows remote attackers to conduct cross-site...

6.1 CVSS, 6 AI score, 0.00566 EPSS
Exploits: 1
myhack58
added 2018/12/23 12:0 a.m., 53 views

CVE-2018-20129: DedeCMS V5.7 SP2 front-end file upload getshell vulnerability alert

On 2018-12-11, the CVE Chinese application station published a file upload vulnerability in DEDECMS 5.7 SP2, the latest version; with administrator privileges, this vulnerability can be exploited to upload a file and getshell, executing arbitrary PHP code. After analysis and verification, the vulnerability...

0.3 AI score, 0.69561 EPSS
Exploits: 1
Cvelist
added 2018/07/17 2:0 a.m., 14 views

CVE-2018-14334

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766...

9.7 AI score, 0.00411 EPSS
Exploits: 1, References: 1
OSV
added 2018/04/19 8:29 p.m., 0 views

CVE-2018-0237

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detectin...

5.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
CNVD
added 2018/03/28 12:0 a.m., 2 views

Frog CMS Arbitrary File Upload Vulnerability

Frog CMS is a content management system (CMS) developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A security vulnerability exists in Frog CMS version 0.9.5 due to a lack of extension detection in the...

9.8 CVSS, 7 AI score, 0.08482 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2013/09/23 12:0 a.m., 26 views

Fedora 20 : mediawiki-1.21.2-1.fc20 (2013-15937)

SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...

6.1 CVSS, 6 AI score, 0.00713 EPSS
Exploits: 2, References: 5
Tenable Nessus
added 2013/09/21 12:0 a.m., 29 views

Fedora 19 : mediawiki-1.21.2-1.fc19 (2013-15984)

SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...

6.1 CVSS, 6 AI score, 0.00713 EPSS
Exploits: 2, References: 5
Tenable Nessus
added 2013/09/21 12:0 a.m., 25 views

Fedora 18 : mediawiki-1.19.8-1.fc18 (2013-15994)

SECURITY: Sanitize ResourceLoader exception messages - SECURITY: Token-getting functions will fail when using jsonp callbacks. - SECURITY: Fix extension detection with 2 .'s - Allow a string other than '' as condition for DatabaseBase::delete - Purge upstream caches when deleting file assets. -...

6.1 CVSS, 6.1 AI score, 0.00713 EPSS
Exploits: 2, References: 5
Packet Storm
added 2010/09/08 12:0 a.m., 36 views

Google Chrome Arbitrary Extensions Detection

Google Chrome installed extensions arbitrary detection. Vendor URL: http://www.google.com Advisory: http://lostmon.blogspot.com/2010/09/google-chrome-instaled-extensions.html Vendor notify: YES Vendor confirmed: YES Exploit: YES Change log...

0.5 AI score
Exploits: 0