12 matches found
CVE-2019-1079
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'...
Friendica Security Vulnerability
Friendica is an application of the German Friendica community. It provides decentralized social networking. A security vulnerability exists in Friendica version 2024.03, which stems from susceptibility to cross-site scripting attacks in settings/configuration files via homepage, xmpp and matrix...
Ferdi Cross-Site Request Forgery Vulnerability
Ferdi is software used to combine multiple applications together. A security vulnerability exists in Ferdi version 5.8.1 and Ferdium version 6.0.0-nightly.98, which stems from a vulnerability that allows an attacker to read files via uploaded files e.g., settings/preferences files...
Canonical Apport Resource Management Error Vulnerability
Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error information that the operating system considers useful when an application crashes. A resource management error vulnerability exists in Canonical Apport, which arises from the application not...
CVE-2021-39748
In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
Security update for the information disclosure vulnerability in Visual Studio 2012 Update 5 (KB4506162)
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files...
CVE-2019-1079
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'...
(0Day) Microsoft Visual Studio settings XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
qdPM Information Disclosure Vulnerability
qdPM is a free, open source project management system based on the Symfony framework, developed using PHP and MySQL. An information disclosure vulnerability exists in qdPM version 8.3. A remote attacker can exploit this vulnerability by sending a direct request to core/config/databases.yml,...
Java Web Start may insecurely load settings files
Overview: Java Web Start provided by Oracle may use unsafe methods for determining how to load settings files. Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file...
JVN#09206238: Java Web Start may insecurely load settings files
Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file search path, which may insecurely load settings files. Impact: An attacker may execute arbitrary code with t...