38 matches found
Astra Linux - vulnerability in batik
A Server-Side Request Forgery (SSRF) vulnerability exists in Batik of Apache XML Graphics, allowing an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
Astra Linux - vulnerability in firefox
Under specific circumstances, a WebExtension may receive a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This allows directory paths to be accessed on the user’s machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
EUVD-2007-5917
Malware in sbrugna...
EUVD-2007-6555
Malware in sbrugna...
OESA-2023-1651 batik security update
Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function. Security Fixes: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protoco...
Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products
Summary: Apache Batik is used by IBM Application Performance Management. Vulnerability Details: CVEID: CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker...
batik: Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
batik: Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
SUSE CVE-2007-5947
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS)...
SUSE CVE-2007-6589
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different...
SUSE CVE-2022-38398
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
GHSA-C5XV-QC8P-MH2V Apache Batik Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
DEBIAN-CVE-2022-38398
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
UBUNTU-CVE-2022-38398
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
Apache XML Graphics Batik code issue vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. A server-side request forgery vulnerability exists in Apache XML Graphics Batik due to a flaw in the DefaultExternalResourceSecurity function cause...
PT-2022-24405 · Apache +5 · Apache Xml Graphics Batik +5
Name of the Vulnerable Software and Affected Versions: Apache XML Graphics Batik version 1.14. Description: A Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik allows an attacker to load a URL through the jar protocol. This issue enables information disclosure...
CVE-2022-38398
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
view-source: protocol
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify...
jar: protocol handler
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors...
jar: protocol handler
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors...