CVE-2022-40126

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...

CVE-2012-6472

Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a 1 cache file, 2 password file, or 3 configuration file, or 4 possibly gain privileges by modifying or overwriting a configuration file...

SUSE CVE-2014-1566

Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because o...

SUSE CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVE-2022-40126

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...

Mozilla Firefox Security Advisory (MFSA2018-22) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

gcc security and bug fix update

8.3.1-5.0.3 - Fix Orabug 29838827 - provide an option to adjust the maximum depth of nested include This is the same bug as gcc upstream PR90581 from Gcc9: gcc9-pr90581.patch - Fix Orabug 29541051 - confusing error message when there is a problem with ASANOPTIONS 'ERROR: expected '='' This is the...

CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

CVE-2014-1566

CVE-2014-1566 affects Mozilla Firefox on Android (before 31.1). Affected component: processing of file: URLs allows a crafted application to copy local files to the SD card and exfiltrate data from the Firefox profile directory. Root cause noted as an incomplete fix for CVE-2014-1515. Impact desc...

Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)

Hi, We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data such as cookies and cached information which reside in...

Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities

Binary data 8175.prm...

Profile path leaks to Android system log — Mozilla

Mozilla developer Roee Hay reported that Firefox for Android profile paths leak to the Android system log. When running on Android 4.2 or earlier, other applications are able to read these log files, leading to information disclosure from the user's profile directory. This issue was also...

CVE-2013-0774

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors...

CVE-2006-4949

Cross-site scripting XSS vulnerability in the Drupal 4.6 Site Profile Directory profilepages.module before 1.1.2.1 and the Drupal 4.7 Site Profile Directory profilepages.module before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack o...

CVE-2006-4949

Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 contain an XSS vulnerability caused by lack of output validation, potentially in the name and title parameters. Remote attackers could inject arbitra...

CVE-2006-4949

Cross-site scripting XSS vulnerability in the Drupal 4.6 Site Profile Directory profilepages.module before 1.1.2.1 and the Drupal 4.7 Site Profile Directory profilepages.module before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack o...

phpBB 2.0.12 - Change User Rights Authentication Bypass

/ Paisterist's code was nice but heres mil's version. precompiled: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/897.rar Usage: bcc32 897.cpp and place the exe in your firefox profile dir. Usually C:\Documents and Settings\Application...