curl: Path Traversal in file:// protocol allows Arbitrary File Read

Summary: The file:// protocol handler in curl does not properly sanitise or block path traversal sequences ../. This allows a maliciously crafted file:// URL to escape the intended directory and access arbitrary files on the filesystem with the permissions of the user running curl. When curl is...

EUVD-2018-4523

Malware in sbrugna...

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary 1 XSL and 2 XML files via a file:/// URL...

CVE-2012-3697

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise...

CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...

CVE-2022-45213

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL...

CVE-2013-1727

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting XSS attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...