14 matches found
EUVD-2022-1470
Malicious code in bioql PyPI...
CVE-2025-1936 Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...
CVE-2025-1936
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...
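The two CVE-2025-1936 entries above describe a classic parser mismatch: the archive lookup truncates the entry name at the NUL, while the content-type decision reads the extension that follows it. The toy resolver below is an added example (it is not Mozilla's code); the in-memory archive, the `jar:` URL and the extension-to-MIME table are all constructed for the demo. `resolve_vulnerable` reproduces the mismatch and `resolve_fixed` shows the single-interpretation behaviour a hardened resolver needs.

```python
"""Added example: jar:-style URL resolution with and without the NUL-byte mismatch."""
import io
import zipfile
from urllib.parse import unquote

# Constructed in-memory archive standing in for an extension package (.xpi).
def build_archive() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # Script body stored under an image name so it looks like a harmless asset.
        z.writestr("icon.png", "alert('not really a PNG');")
        z.writestr("manifest.json", '{"name": "demo"}')
    return buf.getvalue()

# Hypothetical extension-to-type table for the demo.
MIME_BY_EXT = {
    "png": "image/png",
    "js": "application/javascript",
    "json": "application/json",
}

def parse_jar_url(url: str):
    """Split jar:<archive-url>!/<entry> and percent-decode the entry (so %00 -> NUL)."""
    if not url.startswith("jar:"):
        raise ValueError("not a jar: URL")
    archive_url, _, entry = url[4:].partition("!/")
    return archive_url, unquote(entry)

def content_type_from_name(name: str) -> str:
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return MIME_BY_EXT.get(ext, "application/octet-stream")

def resolve_vulnerable(archive: bytes, url: str):
    """Mismatch: the archive lookup stops at the NUL, the type comes from the full name."""
    _, entry = parse_jar_url(url)
    lookup_name = entry.split("\x00", 1)[0]      # NUL and everything after it ignored
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        data = z.read(lookup_name)
    return content_type_from_name(entry), data   # fake extension decides the type

def resolve_fixed(archive: bytes, url: str):
    """One interpretation: refuse NUL bytes and type the entry that was actually read."""
    _, entry = parse_jar_url(url)
    if "\x00" in entry:
        raise ValueError("NUL byte in jar: entry path")
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        data = z.read(entry)
    return content_type_from_name(entry), data
```

With the URL `jar:file:///ext.xpi!/icon.png%00.js`, the vulnerable resolver returns the bytes of `icon.png` labelled `application/javascript`; the fixed one rejects the URL outright, and a plain `icon.png` request still comes back as `image/png`.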
XML External Entity (XXE)
org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity (XXE) injection. The vulnerability is caused by improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing a CycloneDX Bill of Materials in XML...
Arbitrary File Read
ruby-mysql is vulnerable to arbitrary file read. A malicious MySQL server can request local file content from a client without explicit authorization from the user if the filename specified by the server does not match with OPT_LOAD_DATA_LOCAL_DIR...
Authorization
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
UBUNTU-CVE-2018-5134
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox 59...
FFmpeg arbitrary file read vulnerability analysis-vulnerability warning-the black bar safety net
Vulnerability analysis: the vulnerability was originally submitted by neex to the HackerOne platform and eventually earned a $1000 bounty; the original report is https://hackerone.com/reports/226756. According to the author, the vulnerability is exploitable because FFmpeg can handle...
Mac OS X : Apple Safari < 6.1.5 / 7.0.5 Multiple Vulnerabilities
The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.1.5 or 7.0.5. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code...
CentOS Update for firefox CESA-2009:1095 centos5 i386
Check for the version of firefox. OpenVAS Vulnerability Test: CentOS Update for firefox CESA-2009:1095 centos5 i386. Authors: System Generated Check. Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
CentOS 3 : seamonkey (CESA-2009:1096)
Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat...
Critical: Red Hat Security Advisory: seamonkey security update
Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat...
Bugzilla '--attach_path' directory traversal vulnerability
BUGTRAQ ID: 30661 CNCAN ID: CNCAN-2008081413. Bugzilla is an open-source software bug tracking system. Bugzilla has a directory traversal issue: a remote attacker can exploit it to view local file contents in the context of the service program. When importing bugs with importxml.pl, the --attach_path option can be given to point at the directory where the attachments to be imported are stored. If the XML file read by importxml.pl contains data...
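The ruby-mysql entries (arbitrary file read / authorization) and the Bugzilla --attach_path entry above share one missing check: a filename chosen by the other side (the MySQL server's LOCAL INFILE request, or an attachment path in the imported XML) was used without confirming that it stays inside the directory the operator allowed. The code below is an added example, not ruby-mysql's or Bugzilla's own code; `path_within` is the containment check both would need, and `LocalInfileClient` is a hypothetical model of the client side of the LOAD DATA LOCAL exchange that additionally refuses file requests the client never asked for. The directory and sample file are created by `make_demo_dir` for the demo.

```python
"""Added example: directory containment for server- or data-chosen file paths."""
import os
import tempfile
from typing import Optional

def path_within(allowed_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path if `requested` resolves inside `allowed_dir`, else None.

    realpath() collapses '..' and follows symlinks, so 'x/../../etc/passwd',
    an absolute '/etc/passwd' (os.path.join discards the base for absolute
    paths) and a symlink pointing outside the directory are all rejected.
    """
    base = os.path.realpath(allowed_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

class LocalInfileClient:
    """Hypothetical client model: the server may only name a file after the client
    issued LOAD DATA LOCAL itself, and only a file under `allowed_dir`."""

    def __init__(self, allowed_dir: Optional[str]):
        self.allowed_dir = allowed_dir      # None means LOCAL INFILE is disabled
        self.pending_local_load = False

    def query(self, sql: str) -> None:
        # Remember whether this statement can legitimately trigger a file request.
        self.pending_local_load = sql.lstrip().upper().startswith("LOAD DATA LOCAL")

    def on_server_file_request(self, filename: str) -> bytes:
        """Called when the server sends the LOCAL INFILE request packet naming a file."""
        if not self.pending_local_load:
            raise PermissionError("server requested a file but no LOAD DATA LOCAL was issued")
        if self.allowed_dir is None:
            raise PermissionError("LOCAL INFILE is disabled on this client")
        path = path_within(self.allowed_dir, filename)
        if path is None:
            raise PermissionError(f"{filename!r} is outside {self.allowed_dir}")
        self.pending_local_load = False      # one request per statement
        with open(path, "rb") as f:
            return f.read()

def make_demo_dir() -> str:
    """Constructed fixture: a temp directory holding one file the client may send."""
    d = tempfile.mkdtemp(prefix="localdir-")
    with open(os.path.join(d, "data.csv"), "wb") as f:
        f.write(b"1,2\n")
    return d
```

A server that answers `SELECT 1` with a file request, or that names `../../etc/passwd` after a genuine `LOAD DATA LOCAL INFILE 'data.csv'`, gets a `PermissionError` from this client; the same `path_within` check applied to attachment paths from the XML is what keeps importxml.pl's reads inside --attach_path.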