22 matches found
AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`
Summary: The endpoint requires no authentication. An unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded thumbnails,...
PT-2026-41994
Name of the Vulnerable Software and Affected Versions: AVideo versions 29.0 and earlier. Description: An unauthenticated remote attacker can read arbitrary image files from the disk that the PHP user has permission to open. This includes private user-profile photos protected by Access Control Lists...
EUVD-2013-3587
Malware in sbrugna...
EUVD-2006-7085
Malware in sbrugna...
CVE-2018-19124
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files...
CVE-2018-0587
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors...
Unrestricted file upload
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors...
CVE-2018-0587
Summary: CVE-2018-0587 affects the WordPress plugin Ultimate Member prior to version 2.0.4. The vulnerability is described as an arbitrary file upload that allows a remote authenticated user to upload arbitrary image files via unspecified vectors. The related documents consistently tie this to th...
CVE-2013-3654
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650...
Directory traversal
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650...
CVE-2013-3654
CVE-2013-3654 is a confirmed vulnerability affecting LOCKON EC-CUBE versions 2.12.0 through 2.12.4. The issue is a directory traversal that allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php. This is described ...
EC-CUBE vulnerable to directory traversal
Overview: EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#04161229: EC-CUBE vulnerable to directory traversal
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. Impact: A remote attacker may obtain arbitrary image files on the server. Solution: Apply the updat...
JVN#43886811: EC-CUBE vulnerable to directory traversal
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Impact: A remote attacker may obtain arbitrary image files on the server. Solution: Apply the updat...
Directory traversal
Directory traversal vulnerability in the wtgallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors...
CVE-2008-6630
Directory traversal vulnerability in the wtgallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors...
CVE-2008-4549
The ImageShack Toolbar ActiveX control ImageShackToolbar.dll in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method...
CVE-2007-4259
CVE-2007-4259 affects EZPhotoSales 1.9.3 and earlier. The vulnerability allows remote attackers to download arbitrary image files by either requesting a URL under OnlineViewing/galleries/ directly or by navigating the gallery UI with JavaScript disabled. The root cause is implied to be improper a...