Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes ioreg, when the PATH environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes ioreg, when the PATH environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by...

CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

OpenTelemetry-Go 代码问题漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.20.0 to 1.39.0 have code vulnerabilities. These vulnerabilities stem from path hijacking during the execution of the ioreg command in resource detection code, which may lead...

Mixed Resource Detection

Scanner discovered that the affected site is utilising both HTTP and HTTPS. While the HTML code is served over HTTPS, the server is also serving resources over an unencrypted channel, which can lead to the compromise of data, while providing a false sense of security to the user. No source data...

Sonar.js - Framework for identifying and launching exploits against internal network hosts

A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration, WebSocket host scanning, and external resource fingerprinting. How does it work? Upon loading the sonar.js payload in a modern web browser the following will happen: sonar.js will u...

Opera Web Browser 7.5 Resource Detection Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10961/info Opera Web Browser is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within the same...

Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts...

Microsoft Internet Explorer 6.0 Resource Detection Weakness

No description provided by source. source: http://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within...

Microsoft Internet Explorer 6 - Resource Detection

Microsoft Internet Explorer 6 - Resource Detection source: https://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is...

Microsoft Internet Explorer 6 - Resource Detection

source: https://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within the same domain and change its URI...

Opera < 7.54u1 Web Browser Resource Detection Weakness

Binary data 1782.prm...

Opera Web Browser 7.5 - Resource Detection

Opera Web Browser 7.5 - Resource Detection source: https://www.securityfocus.com/bid/10961/info Opera Web Browser is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within t...

Opera Web Browser 7.5 - Resource Detection

source: https://www.securityfocus.com/bid/10961/info Opera Web Browser is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within the same domain and change its URI to the...