Lucene search
K

41 matches found

Richard Bejtlich's blog
Richard Bejtlich's blog
added 2025/11/04 12:49 a.m.7 views

Creating a Linux Application Using VSCodium, Cline, OpenRouter, and Claude

In March I created a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude. This was a program that created square screen captures. The user doesn't need to manually ensure the dimensions are a square. The program makes the window grow and shrink while keeping the length equ...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-2709

Malware in sbrugna...

5.9CVSS5.9AI score0.01576EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:10 a.m.5 views

CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

5.3CVSS6.3AI score0.0025EPSS
Exploits0References1
0day.today
0day.today
added 2025/02/09 12:0 a.m.189 views

Gleamtech FileVista 9.2.0.0 Missing Authorization Vulnerability

A vulnerability exists in Gleamtech FileVista version 9.2.0.0 that allows unauthorized access to image files, even after the HTTP cookie associated with the session is deleted. The issue arises due to insufficient validation of session or authentication tokens on the server side. Exploit Title:...

6.5CVSS6.8AI score0.00481EPSS
Exploits3
OSV
OSV
added 2023/05/04 9:15 p.m.4 views

CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

4.6CVSS5.8AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2022/08/31 8:15 p.m.25 views

CVE-2022-36048

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

4.3CVSS0.00507EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/24 12:0 a.m.4 views

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud. An attacker could trigger a denial of service by generating an image preview to overload Nextcloud...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/09/15 12:0 a.m.45 views

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1255-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1255-1 advisory. - Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud...

10CVSS6.7AI score0.02604EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.7 views

竣禾科技全方位通讯系统跨站脚本漏洞

Junghee Technology Omni-Communication System is an application software of China Junghee Technology Co. It is used for communication gateway system. A cross-site scripting vulnerability exists in the Junghua Technology Omni-Communication System, which originates from the special characters on the...

5.4CVSS5.6AI score0.00586EPSS
Exploits0References1
Prion
Prion
added 2021/02/19 7:15 a.m.18 views

Authentication flaw

An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview...

4.3CVSS5.9AI score0.01576EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/02/19 6:2 a.m.20 views

CVE-2020-10254

An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview...

5.8AI score0.01576EPSS
Exploits1References3
CVE
CVE
added 2021/02/19 6:2 a.m.105 views

CVE-2020-10254

CVE-2020-10254 affects ownCloud prior to 10.4, where an attacker can bypass authentication by leveraging the preview of a password-protected image. The vulnerability relates to access control on image previews, potentially allowing unauthorized users to view protected content. The issue is docume...

5.9CVSS5.8AI score0.01576EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/01/13 11:15 p.m.14 views

Cross site scripting

An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...

4.3CVSS6.3AI score0.007EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/01/13 10:17 p.m.19 views

CVE-2020-6955

An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...

6.4AI score0.007EPSS
Exploits1References1
Hacker One
Hacker One
added 2019/11/13 12:7 p.m.24 views

Mail.ru: IP address can be leaked on Image preview in ICQ for Android chat

Описание: При отправке пользователю изображения, в android версии в web и mac версии клиента этой проблемы не наблюдаю со внешнего ресурса, при открытии превью изображения "жертвой", отправляется запрос на внешний сервер с IP адреса клиента. Воспроизведение: 1. Отправляем пользователю сообщение с...

7.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2016/03/22 12:0 a.m.16 views

Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download

The function "mdocsimgpreview" is in charge of downloading image previews previously uploaded by the administrator, but it does not sanitize the file path being downloaded, thus, allowing to download arbitrary files in the file system. The vulnerable GET parameter is "mdocs-img-preview". The...

0.6AI score
Exploits0References1Affected Software1
NVD
NVD
added 2014/12/01 3:59 p.m.18 views

CVE-2014-5237

Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...

4.3CVSS6.7AI score0.02357EPSS
Exploits1References3
Prion
Prion
added 2014/12/01 3:59 p.m.17 views

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...

4.3CVSS7.3AI score0.02357EPSS
Exploits1References3Affected Software1
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.72 views

Remote command injection in Ruby Gem kelredd-pruview 0.3.8

Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Larry W. Cashdollar 4/4/2013 @larry0 Description: "A gem to ease generating image previews thumbnails of various files." https://rubygems.org/gems/kelredd-pruview Remote commands can be executed if the file name contains shell meta...

8AI score
Exploits0
CVE
CVE
added 2009/03/16 7:0 p.m.40 views

CVE-2008-6480

CVE-2008-6480 describes a CSRF vulnerability in Datalife Engine 6.7, specifically in engine/modules/imagepreview.php, where an attacker can hijack the authentication of arbitrary users by sending requests with a modified image parameter. The vulnerability affects the imagepreview functionality an...

6.8CVSS7.4AI score0.00574EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder