Lucene search
+L

317 matches found

OSV
OSV
added 2024/10/30 9:15 p.m.11 views

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

6.1CVSS5.9AI score0.0022EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/24 6:16 p.m.33 views

Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

Summary The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, if a file:/ URL is directly given where a relative path resource name is...

9.1CVSS7AI score0.01602EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.9 views

PT-2024-8657 · Velocity +2 · Velocity +2

Name of the Vulnerable Software and Affected Versions: Butterfly framework versions prior to 1.2.6 Description: The Butterfly framework has a weakness related to incorrect restriction of the path name to a directory with limited access. This can be exploited by an attacker with network access to...

9.4CVSS7.2AI score0.01602EPSS
Exploits1References17
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.6 views

Butterfly 安全漏洞

Butterfly is a modular web application framework open-sourced by OpenRefine. A security vulnerability exists in Butterfly versions prior to 1.2.6, which stems from improper handling of the file protocol in URLs, and could lead to path traversal, server-side request forgery, and cross-site scripti...

9.1CVSS8.3AI score0.01602EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2024/10/07 8:40 p.m.54 views

CVE-2024-43363

Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process completing only step 5 of the installation process is enough, no need to complete the steps before or after it to...

7.2CVSS7.5AI score0.35611EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2023/11/04 11:58 a.m.785 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 This repository contains an exploit script and...

10CVSS9.4AI score0.99654EPSS
Exploits31
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.276 views

WordPress KAP Theme 2.0 Directory Traversal

==================================================================================================================================== | Title : Wordpress KAP-theme v2.0 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
OSV
OSV
added 2023/06/02 5:15 p.m.5 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS7.4AI score0.00619EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.5 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS7.2AI score0.00619EPSS
Exploits0References3
NVD
NVD
added 2023/06/02 5:15 p.m.23 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS8AI score0.00619EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/06/02 12:0 a.m.77 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS9.2AI score0.00619EPSS
Exploits0
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.39 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.1AI score0.00619EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.7 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8AI score0.00619EPSS
Exploits0References2
CVE
CVE
added 2023/06/02 12:0 a.m.164 views

CVE-2023-28161

The CVE-2023-28161 issue affects Mozilla Firefox prior to version 111. When a temporary one-time permission (e.g., Camera) is granted to a document loaded via a file: URL, that permission can persist in the tab for subsequent file: URL documents. This could be risky if local files come from diffe...

8.8CVSS7.8AI score0.00619EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/15 12:0 a.m.3 views

UBUNTU-CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS7.3AI score0.00619EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/03/15 12:0 a.m.54 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS7.2AI score0.00619EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/03/15 12:0 a.m.31 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5954-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5954-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

8.8CVSS7.8AI score0.00713EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2002-1467

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via 1 an HTTP redirect, 2 a "file://" base in a web document, or 3 a relative URL from a web archive mht file...

5CVSS7AI score0.01907EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.4 views

SUSE CVE-2004-1392

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...

5CVSS7.1AI score0.10394EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-1839

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...

5.4CVSS6.5AI score0.07124EPSS
Exploits0References4
Rows per page
Query Builder