Lucene search
+L

96 matches found

cvelist
cvelist
added 2024/11/27 5:31 a.m.37 views

CVE-2024-11219 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthetnicated Path Traversal to Arbitrary Image View

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the getimage function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, whi...

5.3CVSS0.00507EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/07/15 12:0 a.m.9 views

PT-2024-28731 · Npm · @Jmondi/Url-To-Png

Name of the Vulnerable Software and Affected Versions: @jmondi/url-to-png versions prior to 2.1.2 Description: The issue arises from the lack of sanitization of the ImageId input in the code, leading to a path traversal vulnerability. This allows an attacker to store an image in an arbitrary...

6.9CVSS7AI score0.00523EPSS
Exploits0References9
cvelist
cvelist
added 2022/02/28 9:6 a.m.57 views

CVE-2022-0377 LearnPress < 4.1.5 - Arbitrary Image Renaming

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...

5AI score0.03205EPSS
Exploits5References3
cnnvd
cnnvd
added 2022/02/02 12:0 a.m.6 views

Wordpress Plugin Learnpress 加密问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An encryption issue vulnerability...

4.3CVSS5.3AI score0.03205EPSS
Exploits5References6
exploitdb
exploitdb
added 2022/02/02 12:0 a.m.322 views

WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming

Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Date: 08-01-2022 Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested...

4.3CVSS5AI score0.03205EPSS
Exploits5
wpvulndb
wpvulndb
added 2022/01/26 12:0 a.m.26 views

LearnPress < 4.1.5 - Arbitrary Image Renaming

Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...

4.3CVSS4.5AI score0.03205EPSS
Exploits5References2Affected Software1
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.159 views

LearnPress < 4.1.5 - Arbitrary Image Renaming

Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...

4.3CVSS4.7AI score0.03205EPSS
Exploits5References2
patchstack
patchstack
added 2022/01/26 12:0 a.m.27 views

WordPress LearnPress plugin <= 4.1.4.1 - Arbitrary Image Renaming vulnerability

Arbitrary Image Renaming vulnerability discovered by Ceylan Bozogullarindan in WordPress LearnPress plugin versions = 4.1.4.1. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.5...

4.3CVSS3.2AI score0.03205EPSS
Exploits5References3Affected Software1
wpvulndb
wpvulndb
added 2021/10/19 12:0 a.m.20 views

Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion PoC The PoC varies based on the endpoint targeted. Here is one example that will modify the...

8.1CVSS1.5AI score0.00519EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.730 views

Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload

The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...

5.3CVSS0.4AI score0.0102EPSS
Exploits2
patchstack
patchstack
added 2021/09/29 12:0 a.m.11 views

WordPress Stylish Price List plugin <= 6.9.0 - Arbitrary Image Upload vulnerability

Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions = 6.9.0. Solution Update the WordPress Stylish Price List plugin to the latest available version at least 6.9.1...

2.8AI score0.00825EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.759 views

Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload

The plugin does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...

6.5CVSS0.8AI score0.00825EPSS
Exploits2
patchstack
patchstack
added 2021/09/29 12:0 a.m.13 views

WordPress Stylish Price List plugin <= 6.8.14 - Unauthenticated Arbitrary Image Upload vulnerability

Unauthenticated Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions = 6.8.14. Solution Update the WordPress Stylish Price List plugin to the latest available version at least 6.9.0...

3.3AI score0.0102EPSS
Exploits2References3Affected Software1
osv
osv
added 2021/06/01 2:15 p.m.5 views

CVE-2021-3495

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster to deploy a kiali operand to use this vulnerability and deploy a given image to anywhere in the cluster, potential...

8.8CVSS7.2AI score0.00969EPSS
Exploits0References2
osv
osv
added 2020/03/19 2:15 p.m.2 views

DEBIAN-CVE-2020-10648

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...

7.8CVSS8.4AI score0.01313EPSS
Exploits1References1
osv
osv
added 2019/06/03 7:29 p.m.40 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS7.8AI score0.01421EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2019/06/03 7:29 p.m.21 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS6.5AI score0.01421EPSS
Exploits0References3
osv
osv
added 2019/06/03 7:29 p.m.4 views

UBUNTU-CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS5.9AI score0.01421EPSS
Exploits0References4
osv
osv
added 2019/06/03 7:29 p.m.60 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS3.2AI score0.01421EPSS
Exploits0References4
redhatcve
redhatcve
added 2019/05/27 11:50 p.m.18 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS2.8AI score0.01421EPSS
Exploits0References5
Rows per page
Query Builder