CVE-2022-47611
The CVE-2022-47611 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Hover Image plugin, affecting versions up to 1.4.1. Affected component: Hover Image plugin for WordPress. Root cause: CSRF vulnerability that can be triggered by an unauthenticated actor to coerc...
PT-2023-15434 · WordPress · Cs&M Hover Image Plugin
Name of the Vulnerable Software and Affected Versions: Julian Weinert // cs&m Hover Image plugin versions 1.4.1 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintende...
WordPress Plugin Hover Image Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
The vulnerability of the Pillow image processing library, related to uncontrolled resource consumption, allows a hacker to perform a type of “denial-of-service” attack.
The vulnerability of the Pillow image-processing library lies in the fact that the application does not properly control the consumption of internal resources in TiffImagePlugin.py during the context setting for image decoding. Exploiting this vulnerability allows a remote attacker to trigger...
The vulnerability of the plugin for viewing RAW images allows a hacker to execute arbitrary code.
The vulnerability of the plugin for viewing RAW images is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code...
SUSE CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size...
SUSE CVE-2014-3598
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image...
SUSE CVE-2017-15755
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at...
SUSE CVE-2017-15758
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d75b."...
SUSE CVE-2019-19911
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux...
SUSE CVE-2021-28678
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...
Allegro Buffer Error Vulnerability
Allegro is an open source cross-platform library mainly for video games and multimedia programming. A security vulnerability exists in Allegro 5.2.6 and earlier versions, which stems from the presence of a buffer overflow vulnerability that can be exploited by an attacker to cause a denial...
The vulnerability of the plugin for viewing RAW images lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.
The vulnerability of the plugin for viewing RAW images is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created data...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occu...
UBUNTU-CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVE-2022-23494
Removed by vendor...
PT-2022-6570 · Pypi +2 · Pillow +2
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 9.3.0 (9.3.0 is the fixed version) Description: The issue is...
Cross-Site Request Forgery (CSRF)
org.apache.jspwiki:jspwiki-builder and org.apache.jspwiki:jspwiki-war are vulnerable to cross-site request forgery (CSRF). A remote attacker is able to trigger a CSRF attack on the Image plugin via sending a specifically crafted request, which allows a group privilege escalation of the attacker's...
GHSA-JP3M-P26H-MM7V Apache JSPWiki CSRF due to crafted invocation on the Image plugin
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...