CVE-2022-0840
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the imagefile field when adding a new social icon, allowing high-privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed...
The vulnerability in the dither.c component of the SIXEL Libsixel encoder/decoder implementation allows an attacker to cause a service failure.
The vulnerability of the dither.c component in the SIXEL Libsixel encoder/decoder implementation is related to errors during resource release. Exploiting this vulnerability allows a remote attacker to cause service interruptions using a specially created PNG file...
The vulnerability of the printLong function in the tags_int.cpp component of the Exiv2 media metadata management library allows an attacker to cause a service failure.
The vulnerability of the printLong function in the tags_int.cpp component of the Exiv2 media metadata management library is related to the lack of checks for division by zero. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created TIFF file...
OESA-2022-1607 libtiff security update
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. It also contains command-line programs for manipulating TIFF format image files using the libtiff...
CVE-2021-30497
Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...
Fedora: Security Advisory for libtiff (FEDORA-2022-c39720a0ed)
The remote host is missing an update for libtiff. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
The vulnerability of the Exiv2 metadata management library, related to the lack of use of the assert() function, allows an attacker to cause a service failure.
The vulnerability of the Exiv2 metadata management library is related to the insufficient use of the assert() function. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially created image file...
DEBIAN-CVE-2022-1056
Out-of-bounds read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial of service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd...
PT-2022-4904 · Apple · Icloud For Windows +6
Name of the Vulnerable Software and Affected Versions: iCloud for Windows versions prior to 11.4 iCloud for Windows versions prior to 7.21 iOS versions prior to 14.0 iPadOS versions prior to 14.0 watchOS versions prior to 7.0 tvOS versions prior to 14.0 iTunes for Windows versions prior to 12.10....
CVE-2022-25574
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...
Cross-site scripting
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...
Unchecked size in _load_bmp leads to RAM exhaustion in version 3.10
Description: Via a maliciously crafted BMP file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes (e.g. 64 gigabytes) upon reading the file from disk or from a virtual buffer. Version: This affects the newest version of CImg, which...
PT-2022-17376 · Douco · Douphp
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A stored cross-site scripting (XSS) issue exists in the upload function of the "/admin/show.php" API endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafte...
DouPHP cross-site scripting vulnerability
A cross-site scripting vulnerability exists in DouPHP, a lightweight enterprise content management system (CMS) from China's DouShell Network Technology. The vulnerability stems from a lack of validation and filtering of user-supplied data on input and output in the upload function of /admin/show.php. An...
UBUNTU-CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
WordPress Easy Social Icons plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform developed in PHP. A WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Easy Social Icons plugin prior to 3.2.1, which stems from the...
Silicon Graphics LibTIFF buffer error vulnerability
Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics, USA. The library contains some command-line tools for working with TIFF files. A security vulnerability exists in Silicon Graphics LibTIFF. An attacker can force it to read an...