13 matches found
SUSE SLES12 Security Update : giflib (SUSE-SU-2026:2667-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2667-1 advisory. This update for giflib fixes the following issue - CVE-2026-26740: heap out-of-bounds read when processing a specially crafted GIF file containing a GC...
EUVD-2012-5767
Malware in sbrugna...
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application...
DEBIAN-CVE-2013-4231
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service out-of-bounds write via a crafted 1 extension block in a GIF image or 2 GIF raster image to tools/gif2tiff.c or 3 a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are...
TailoredWeb Shell Upload
Title : TailoredWeb FileShell Upload Vulnerability Author: eXeSoul Home : www.indishell.in or www.andhrahackers.com Email : [email protected] date : 19/3/2011 D0rk : Developed By TailoredWeb.com category : Web Apps php .-" "-. / \ | eXeSoul | |, .-. .-. ,| | o/ \o | |/ /\ | @ ^^ \|IIIIII|/ @8@8 /...
MCFileManager Plugin for TinyMCE 3.2.2.3 - Arbitrary File Upload
============================================== File Upload Vulnerability Plugins tinymce ============================================== http://tinymce.moxiecode.com/pluginsfilemanager.php Major version 3 Minor version 2.2.3 Author : Vladimir Vorontsov Contact : d0znpp at gmail dot com Greetz : GN...
CVE-2010-2802
Cross-site scripting XSS vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments...
DEBIAN-CVE-2009-0749
Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted GIF image that causes the realloc function to return a new pointer, which...
CVE-2006-3128
choosefile.php in easy-CMS 0.1.2, when modmime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories...
Design/Logic Flaw
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability...
CVE-2006-2588
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability...
CVE-2006-2588
CVE-2006-2588 involves Russcom PHPImages, with multiple sources describing that remote attackers could upload files of arbitrary types by using a file with a .gif extension. The entries repeatedly warn that, due to lack of specific information about attack vectors, it is not clear whether this co...
CVE-2006-2588
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability...