Lucene search
+L

317 matches found

OSV
OSV
added 2015/04/19 10:59 a.m.3 views

UBUNTU-CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service UI disruption by constructing a crafted HTML document containing...

4.3CVSS5.9AI score0.01473EPSS
Exploits1References4
Prion
Prion
added 2015/04/19 10:59 a.m.19 views

Design/Logic Flaw

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service UI disruption by constructing a crafted HTML document containing...

4.3CVSS6.7AI score0.01473EPSS
Exploits1References5Affected Software3
UbuntuCve
UbuntuCve
added 2015/04/19 10:59 a.m.35 views

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service UI disruption by constructing a crafted HTML document containing...

4.3CVSS5.9AI score0.01473EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2015/04/19 10:59 a.m.26 views

CVE-2015-1247

The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/searchengines/searchenginetabhelper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local...

5CVSS7.4AI score0.01406EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 8:33 a.m.5 views

chromium-browser: Scheme issues in OpenSearch

The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/searchengines/searchenginetabhelper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local...

5CVSS7.4AI score0.01406EPSS
Exploits0References5
CERT
CERT
added 2015/04/13 12:0 a.m.109 views

Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL

Overview Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials...

7.4CVSS8AI score0.04478EPSS
Exploits1References15
Debian CVE
Debian CVE
added 2015/01/07 7:0 p.m.55 views

CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...

5.5CVSS6.1AI score0.0277EPSS
Exploits0
NVD
NVD
added 2014/09/03 10:55 a.m.25 views

CVE-2014-1566

Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because o...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References6
NVD
NVD
added 2014/07/01 10:17 a.m.23 views

CVE-2014-1369

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site...

4.3CVSS6.1AI score0.00988EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Windows 95/98 UNC Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/779/info There is a overflowable buffer in the networking code for Windows 95 and 98 all versions. The buffer is in the part of the code that handles filenames. By specifying an exceptionally long filename, an attacker ca...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/06/27 12:0 a.m.1596 views

elFinder 2.0 - file manager for web(rc1) - File Upload Vulnerability

Usage Info Info : u can upload .php .php3 .php6 .txt .html .pl .htaccess and ... Upload Your webshell and load from : site.com/var/upload/ro0t.php site.com/files/upload/ro0t.php site.com/var/upload/ro0t.php for get file url double click on your file to open file iframe page |/ o o...

7.1AI score
Exploits0
NVD
NVD
added 2014/04/12 4:37 a.m.16 views

CVE-2014-0772

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL...

5CVSS6.5AI score0.01448EPSS
Exploits1References4
Prion
Prion
added 2014/04/12 4:37 a.m.17 views

Buffer overflow

The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL...

5CVSS7AI score0.01409EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2014/04/12 4:37 a.m.23 views

Buffer overflow

The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL...

5CVSS7AI score0.01448EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2014/04/12 1:0 a.m.26 views

CVE-2014-0771 Advantech WebAccess File and Directory Information Exposure

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation...

7.5CVSS6.4AI score0.01409EPSS
Exploits1References3
CVE
CVE
added 2014/04/12 1:0 a.m.76 views

CVE-2014-0771

Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 OpenUrlToBuffer in bwocxrun.ocx allows reading arbitrary files via file:// URLs because there is no URL validation. This enables remote-access scenarios where an attacker could read local or reachable files through JavaScript, within the browser context...

7.5CVSS6.2AI score0.01409EPSS
Exploits1References4Affected Software1
OpenVAS
OpenVAS
added 2014/04/10 12:0 a.m.24 views

Adobe Reader 'file://' URL Information Disclosure Vulnerability (Feb 2007) - Mac OS X

Adobe Reader is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS6AI score0.1039EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2014/04/10 12:0 a.m.23 views

Adobe Reader 'file://' URL Information Disclosure Vulnerability (Feb 2007) - Linux

Adobe Reader is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS6AI score0.1039EPSS
Exploits1References3
Prion
Prion
added 2014/03/25 1:25 p.m.21 views

Design/Logic Flaw

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application...

1.9CVSS6AI score0.00283EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2014/03/25 1:0 a.m.57 views

CVE-2014-1515

CVE-2014-1515 affects Mozilla Firefox for Android prior to 28.0.1. It occurs when processing a file: URL by copying a local file to the SD card, allowing an attacker with a crafted application to read sensitive data from the Firefox profile directory. CVSSv2 base score 1.9 (LOW) with LOCAL access...

1.9CVSS5.6AI score0.00283EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder