2680 matches found
CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the savefile parameter...
ImageMagick buffer error vulnerability
ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert, or write images in a variety of formats. ImageMagick suffers from a security vulnerability that stems from a stack-based buffer overflow problem found in...
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary JavaScript code...
Important: python-pillow
Issue Overview: Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. (CVE-2014-9601) Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted...
OESA-2023-1317 libwebp security update
This is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently. Security...
CVE-2023-30774
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values...
CVE-2023-31699
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file...
Cross site scripting
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file...
PT-2023-23420 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.4. Description: The issue is related to Reflected Cross-Site Scripting (XSS) via an image file. This means that an attacker could potentially inject malicious scripts into the website, which would then be executed by the...
CVE-2023-31699
ChurchCRM v4.5.4 is affected by a Reflected Cross-Site Scripting (XSS) via image file. According to multiple sources (Exploit-DB entry for authenticated exploit and related CVE records), the vulnerability can be triggered through the CSV Import workflow after logging in as an admin, enabling an a...
USN-6078-1: libwebp vulnerability
Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute...
PT-2023-5556 · Accusoft · Accusoft Imagegear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 20.1 Description: A heap-based buffer overflow vulnerability exists in the create png object functionality. This issue is related to a buffer overflow, which can be triggered by a specially crafted malicious PNG fil...
libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure...
libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c
An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition...