CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

Mozilla Firefox Sensitive Information Disclosure Vulnerability (CNVD-2016-08176)

Mozilla Firefox is an open source web browser. A vulnerability in Mozilla Firefox's handling of drag-and-drop operations can be exploited by remote attackers to construct a malicious web page that can be parsed to obtain full-pathname information...

UBUNTU-CVE-2016-5279

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code...

DEBIAN-CVE-2015-2304

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive...

CVE-2014-2377

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag...

Code injection

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag...

CVE-2014-2377 Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag...

CVE-2014-1816

Microsoft XML Core Services aka MSXML 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover 1 full pathnames on the client system and 2 local usernames embedded in these pathnames via a crafted w...

CVE-2014-1816

Microsoft XML Core Services aka MSXML 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover 1 full pathnames on the client system and 2 local usernames embedded in these pathnames via a crafted w...

CVE-2013-6660

The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site...

CVE-2013-6660

The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site...

Code injection

The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site...

CVE-2013-6660

Removed by vendor...

CVE-2013-6660

The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site...

Mozilla Foundation Security Advisory 2007-32

Mozilla Foundation Security Advisory 2007-32 Title: File input focus stealing vulnerability Impact: Moderate Announced: October 18, 2007 Reporter: hong, Charles McAuley Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description A user on the Sla.ckers.org forums named hong...