36 matches found
CVE-2026-20847 Microsoft Windows File Explorer Spoofing Vulnerability
...
EUVD-2018-16958
Malware in sbrugna...
EUVD-2015-5031
Malware in sbrugna...
EUVD-2019-5178
Malware in sbrugna...
EUVD-2005-3701
Malware in sbrugna...
CVE-2010-3292
The updatebad,phishingsites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption e.g., https or digital signature checking which could allow an attacker to replace certain configuration files e.g., phishing whitelist via dns/packet spoofing...
Cisco Webex Teams 安全漏洞
Cisco Webex Teams is a comprehensive communications application designed to provide you with all the necessary tools and the right environment to enhance team collaboration. A shared file manipulation vulnerability exists in versions prior to Cisco Webex Teams 40.12.0.17293. The vulnerability ste...
CVE-2019-13762
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code...
CVE-2019-13762
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code...
Fake 'Windows Update' Installs Cyborg Ransomware
A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered...
Design/Logic Flaw
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
FreeBSD : mozilla -- multiple vulnerabilities (5aefc41e-d304-4ec8-8c82-824f84f08244)
Mozilla Foundation reports : CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files...
CVE-2009-1197
CVE-2009-1197 concerns Apache jUDDI prior to 2.0, where an error in logging keys via uddiget.jsp can allow an attacker to spoof entries in log files. The affected component is the logging path tied to uddiget.jsp; the underlying issue is log spoofing through error logging of keys. The published d...
CVE-2017-14604
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...
CVE-2017-14604
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...
Command injection
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...
UBUNTU-CVE-2017-14604
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...
CVE-2017-14604
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...
CVE-2017-14604
GNOME Nautilus before 3.23.90 is vulnerable to spoofing a file type via the .desktop extension, allowing a .desktop file (e.g., named as something.pdf) whose Exec launches a malicious command to be displayed as a safe document. The attack depends on the file having execute permissions, and Nautil...