Lucene search
+L

317 matches found

prion
prion
added 2009/11/05 4:30 p.m.22 views

Stack overflow

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...

9.3CVSS8AI score0.73376EPSS
Exploits11References25Affected Software3
ubuntucve
ubuntucve
added 2009/11/05 4:30 p.m.51 views

CVE-2009-3867

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...

9.3CVSS6.4AI score0.73376EPSS
Exploits11References3
prion
prion
added 2009/08/28 3:30 p.m.22 views

Design/Logic Flaw

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the...

4.3CVSS7AI score0.00642EPSS
Exploits0References2Affected Software3
cvelist
cvelist
added 2009/08/28 3:0 p.m.31 views

CVE-2009-3007

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the...

6.3AI score0.00642EPSS
Exploits0References2
attackerkb
attackerkb
added 2009/08/12 7:30 p.m.2 views

CVE-2009-2200

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document...

7.1CVSS5.7AI score0.02387EPSS
Exploits0References8
nessus
nessus
added 2009/07/21 12:0 a.m.20 views

openSUSE Security Update : opera (opera-366)

Opera 9.63 fixes the following security problems : - Manipulating text input contents can allow execution of arbitrary code - HTML parsing flaw can cause Opera to execute arbitrary code. - Long hostnames in file: URLs can cause execution of arbitrary code. - Script injection in feed preview can...

5.8AI score
Exploits0References1
prion
prion
added 2009/06/12 9:30 p.m.19 views

Design/Logic Flaw

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...

5.4CVSS6.6AI score0.07124EPSS
Exploits0References18Affected Software1
cve
cve
added 2009/06/12 9:7 p.m.92 views

CVE-2009-1839

CVE-2009-1839 affects Mozilla Firefox 3.x before 3.0.11. Affected: Firefox 3 up to 3.0.11. Description: loading a file: URL via the location bar could have an incorrect security principal, allowing a user‑supplied crafted HTML document to bypass file access restrictions and read local files, i.e....

5.4CVSS7.2AI score0.07124EPSS
Exploits0References18Affected Software1
cvelist
cvelist
added 2009/06/12 9:7 p.m.20 views

CVE-2009-1839

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...

7.3AI score0.07124EPSS
Exploits0References18
redhat
redhat
added 2009/06/11 11:13 p.m.48 views

Critical: Red Hat Security Advisory: seamonkey security update

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat...

9.3CVSS6AI score0.09282EPSS
Exploits4References6
redhat
redhat
added 2009/06/11 10:41 p.m.6 views

file: resources

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with...

4.3CVSS5.9AI score0.02325EPSS
Exploits1References4
osv
osv
added 2009/06/10 6:0 p.m.7 views

CVE-2009-1703

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within 1 audio and 2 video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document...

6.2AI score
Exploits0References10
cve
cve
added 2009/06/10 5:37 p.m.62 views

CVE-2009-1703

CVE-2009-1703 concerns WebKit in Apple Safari prior to 4.0, where references to file: URLs within audio and video elements are not blocked. This could let remote attackers determine the existence of arbitrary files by delivering crafted HTML, constituting an information-disclosure risk. The affec...

7.1CVSS7.6AI score0.03013EPSS
Exploits2References10Affected Software1
osv
osv
added 2009/03/05 2:30 a.m.4 views

DEBIAN-CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7.4AI score0.07812EPSS
Exploits2References1
nvd
nvd
added 2009/03/05 2:30 a.m.18 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7AI score0.07812EPSS
Exploits2References32
ubuntucve
ubuntucve
added 2009/03/05 2:30 a.m.34 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7.1AI score0.07812EPSS
Exploits2References2
cvelist
cvelist
added 2008/11/04 1:0 a.m.40 views

CVE-2008-4910

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method...

7.2AI score0.10339EPSS
Exploits0References5
cve
cve
added 2008/11/04 1:0 a.m.64 views

CVE-2008-4910

CVE-2008-4910 affects Sun Java Web Start (BasicService). The vulnerability allows a remote attacker to execute arbitrary programs on a client machine by passing a file:// URL argument to the showDocument method. Impact is described as remote code execution with full confidentiality/integrity/avai...

10CVSS7.2AI score0.10339EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2008/11/04 12:57 a.m.23 views

CVE-2008-4910

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method...

10CVSS7.2AI score0.10339EPSS
Exploits0References5
seebug
seebug
added 2008/09/27 12:0 a.m.25 views

Apple Mac OS X Java插件'file://' URL处理远程代码执行漏洞

BUGTRAQ ID: 31380 CVE ID:CVE-2008-3638 CNCVE ID:CNCVE-20083638 Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X不正确处理特殊构建的Java Applet,远程攻击者可以利用漏洞以应用程序上下文执行任意可执行程序。 Java插件没有阻止从file:// URL方式启动,构建恶意的Java Applet,诱使用户装载,可导致'file://' URL装载目标系统上的任意文件,导致任意代码执行。 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server...

9.3CVSS6.4AI score0.0321EPSS
Exploits1
Rows per page
Query Builder