4 matches found
PortSwigger Web Security: Burp Suite Professional: browser-powered crawl can write attacker-controlled files through file input handling
A vulnerability was discovered in Burp Suite Professional 2026.3.3 on Windows. When Burp Scanner's browser-powered crawler crawled an attacker-controlled website, the website could force Burp to write an attacker-controlled file to an attacker-controlled local path. The issue was caused by Burp's...
PT-2026-7648
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.45 Description A flaw exists in Google Chrome's file input handling that could allow a remote attacker to perform UI spoofing. This requires convincing a user to interact with a specially crafted HTML...
CVE-2022-23935
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file = /|$/ check, leading to command injection...
Opera 6.0.1/6.0.2 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/4834/info A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input-type. It is possible for a server to set the file value, while fooling Opera into thinking no file has been specified. This i...