41 matches found
Creating a Linux Application Using VSCodium, Cline, OpenRouter, and Claude
In March I created a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude. This was a program that created square screen captures. The user doesn't need to manually ensure the dimensions are a square. The program makes the window grow and shrink while keeping the length equ...
EUVD-2020-2709
Malware in sbrugna...
CVE-2023-21486
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...
Gleamtech FileVista 9.2.0.0 Missing Authorization Vulnerability
A vulnerability exists in Gleamtech FileVista version 9.2.0.0 that allows unauthorized access to image files, even after the HTTP cookie associated with the session is deleted. The issue arises due to insufficient validation of session or authentication tokens on the server side. Exploit Title:...
CVE-2023-21486
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...
CVE-2022-36048
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...
Nextcloud 安全漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud. An attacker could trigger a denial of service by generating an image preview to overload Nextcloud...
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1255-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1255-1 advisory. - Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud...
竣禾科技全方位通讯系统跨站脚本漏洞
Junghee Technology Omni-Communication System is an application software of China Junghee Technology Co. It is used for communication gateway system. A cross-site scripting vulnerability exists in the Junghua Technology Omni-Communication System, which originates from the special characters on the...
Authentication flaw
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview...
CVE-2020-10254
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview...
CVE-2020-10254
CVE-2020-10254 affects ownCloud prior to 10.4, where an attacker can bypass authentication by leveraging the preview of a password-protected image. The vulnerability relates to access control on image previews, potentially allowing unauthorized users to view protected content. The issue is docume...
Cross site scripting
An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...
CVE-2020-6955
An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...
Mail.ru: IP address can be leaked on Image preview in ICQ for Android chat
Описание: При отправке пользователю изображения, в android версии в web и mac версии клиента этой проблемы не наблюдаю со внешнего ресурса, при открытии превью изображения "жертвой", отправляется запрос на внешний сервер с IP адреса клиента. Воспроизведение: 1. Отправляем пользователю сообщение с...
Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download
The function "mdocsimgpreview" is in charge of downloading image previews previously uploaded by the administrator, but it does not sanitize the file path being downloaded, thus, allowing to download arbitrary files in the file system. The vulnerable GET parameter is "mdocs-img-preview". The...
CVE-2014-5237
Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...
Remote command injection in Ruby Gem kelredd-pruview 0.3.8
Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Larry W. Cashdollar 4/4/2013 @larry0 Description: "A gem to ease generating image previews thumbnails of various files." https://rubygems.org/gems/kelredd-pruview Remote commands can be executed if the file name contains shell meta...
CVE-2008-6480
CVE-2008-6480 describes a CSRF vulnerability in Datalife Engine 6.7, specifically in engine/modules/imagepreview.php, where an attacker can hijack the authentication of arbitrary users by sending requests with a modified image parameter. The vulnerability affects the imagepreview functionality an...