31 matches found
Flowise 代码问题漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, such as 3.1.0, contained code vulnerabilities. These vulnerabilities stemmed from multiple logical flaws in the security wrapper, allowing attackers to bypass the...
GHSA-QQVM-66Q4-VF5C Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
Summary Flowise introduced SSRF protections through a centralized HTTP security wrapper httpSecurity.ts that implements deny-list validation and IP pinning logic. However, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axiosInstead of using the secured...
SUSE CVE-2009-2665
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...
Mozilla Firefox Security Advisory (MFSA2014-91) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists the security wrapper does not deny access to some exposed properties using the deprecated exposedProps mechanism on proxy objects...
Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...
Same Origin Policy Bypass
xulrunner is vulnerable to same origin policy bypass attacks. It omits a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
CVE-2017-7831
CVE-2017-7831 affects Firefox before 57. The vulnerability arises from the security wrapper not denying access to some exposed properties via the deprecated exposedProps mechanism on proxy objects. Multiple connected Nessus entries map this CVE to Firefox < 57.0 and refer to Mozilla’s mfsa2017...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
Firefox 17.0.1 Flash Privileged Code Injection
This exploit gains remote code execution on Firefox 17 and 17.0.1, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG "use" element in the This module requires Metasploit: https://metasploit.com/download Curre...
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2013:0323-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mozilla Firefox ESR Multiple Vulnerabilities - November12 (Windows)
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvulnnov12win.nasl 6104 2017-05-11 09:03:48Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities - November12 Windows Authors: Arun Kallavi Copyright:...
Mozilla Firefox Multiple Vulnerabilities (Nov 2012) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Thunderbird Multiple Vulnerabilities - November12 (Windows)
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvulnnov12win.nasl 6086 2017-05-09 09:03:30Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - November12 Windows Authors: Arun Kallavi Copyright:...
Mozilla Seamonkey Multiple Vulnerabilities - November12 (Windows)
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvulnnov12win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities - November12 Windows Authors: Arun Kallavi Copyright:...
Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnnov12win.nasl 5956 2017-04-14 09:02:12Z teissa $ Mozilla Firefox Multiple Vulnerabilities - November12 Windows Authors: Rachana Shetty Copyright: Copyright c...