911 matches found
CVE-2009-4338
CVE-2009-4338 affects the Flash SlideShow (slideshow) extension for TYPO3, version 0.2.2. The vulnerability is a SQL injection that allows remote attackers to execute arbitrary SQL commands via unknown vectors. The issue is documented across multiple sources (NVD, CVE lists) with a consistent des...
Stack overflow
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project .psh file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields...
CVE-2009-3214
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project .psh file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields...
Ultimate Fade-in slideshow 1.51 Shell Upload Vulnerability
Exploit for unknown platform in category web applications: Ultimate Fade-in slideshow 1.51 Shell Upload Vulnerability. NaMe: Ultimate Fade-in slideshow 1.51 = She...
Ultimate Fade-in Slideshow 1.51 Shell Upload
NaMe: Ultimate Fade-in slideshow 1.51 = Shell Upload Vulnerability. Author: NeX HaCkeR. Contact: [email protected]. Script site: http://www.dynamicdrive.com. ExplOiT: 1: register in site http://www.xxx.com/path/userregister.php 2: go to your Ad...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHPSlideshow: cross-site scripting. Athree CMS: information leak, SQL injection, DoS...
InselPhoto 1.1 Cross Site Scripting
Software: InselPhoto v1.1 Persistent XSS Vulnerability Discovered by: Paul Hand aka rAWjAW Blog: http://rawjaw-security.blogspot.com E-mail: phand3754gmailcom Shouts: rBg && eternalsecurity For this Persistent XSS to work you have to: 1. Create a user account 2. Create an album 3. Upload any...
InselPhoto 1.1 Persistent XSS Vulnerability
Exploit for unknown platform in category web applications: InselPhoto 1.1 Persistent XSS Vulnerability. Software: InselPhoto v1.1 Persistent XSS Vulnerability Discovered by: Paul Hand aka rAWjAW For this...
CVE-2008-4549
The ImageShack Toolbar ActiveX control ImageShackToolbar.dll in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method...
Unfixed XSS vulnerability at www.smudo.org
Security researcher Uber0n submitted on 15/09/2008 a cross-site scripting (XSS) vulnerability affecting www.smudo.org, which at the time of submission ranked 1809539 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/09/2008. It is currently...
[SECURITY] Fedora 7 Update: feh-1.3.4-8.fc7
feh is a versatile and fast image viewer using imlib2, the premier image file handling library. feh has many features, from simple single file viewing, to multiple file modes using a slideshow or multiple windows. feh supports the creation of montages as index prints with many user-configurable...
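XnView Slideshow FontName Parameter Stack Overflow Vulnerability
CVE (CAN) ID: CVE-2008-0069. XnView is an image viewer that supports many graphics formats. XnView has a stack overflow vulnerability when processing the FontName parameter of slideshow files (.sld); if a user is tricked into opening a slideshow file with an overly long parameter, the overflow can be triggered, leading to execution of arbitrary instructions. Affected versions: XnView 1.92.1, XnView 1.92. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://pagesperso-orange.fr/pierre.g/xnview/endownload.html...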
Stack overflow
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow .sld file, a different vector than CVE-2008-1461...
CVE-2008-0069
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow .sld file, a different vector than CVE-2008-1461...
XnView 1.92.1 Slideshow (FontName) Buffer Overflow Exploit
Exploit for unknown platform in category local exploits: XnView 1.92.1 Slideshow FontName Buffer Overflow Exploit. #!/usr/bin/perl...
XnView 1.92.1 - 'FontName' Slideshow Buffer Overflow
#!/usr/bin/perl XnView 1.92.1 Slideshow "FontName" Buffer Overflow. Calc execution POC Exploit for WinXP SP1 pro English. Found by: Stefan Cornelius, Secunia Research...
XnView 1.92.1 - FontName Slideshow Buffer Overflow
XnView 1.92.1 - FontName Slideshow Buffer Overflow. #!/usr/bin/perl XnView 1.92.1 Slideshow "FontName" Buffer Overflow. Calc execution POC Exploit for WinXP SP1 pro Engli...
Information disclosure
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core modu...
CVE-2007-6691
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core modu...