Lucene search
+L

96 matches found

Prion
Prion
added 2019/05/07 7:29 p.m.21 views

Design/Logic Flaw

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...

9.3CVSS8AI score0.0235EPSS
Exploits0References6Affected Software3
NVD
NVD
added 2019/03/21 4:0 p.m.23 views

CVE-2018-20631

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...

5.3CVSS5.4AI score0.01626EPSS
Exploits1References1
Prion
Prion
added 2019/02/25 6:29 a.m.12 views

Path traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file jpg/jpeg/png via path traversal with the path parameter, through the saveimg action in ajaxcalls.php...

5CVSS7.6AI score0.0399EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/02/14 8:38 a.m.4 views

MGASA-2019-0083 Updated kauth packages fix security vulnerability

KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins...

7.2AI score
Exploits0References3
NVD
NVD
added 2018/12/20 5:29 p.m.20 views

CVE-2018-1000882

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

7.5CVSS7.5AI score0.02377EPSS
Exploits1References3
Prion
Prion
added 2018/12/20 5:29 p.m.17 views

Directory traversal

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

5CVSS7.5AI score0.02377EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/12/20 5:0 p.m.47 views

CVE-2018-1000882

CVE-2018-1000882 concerns WeBid up to version 1.2.2, where a directory traversal vulnerability exists in the getthumb.php script, allowing Arbitrary Image File Read. The issue is exploitable via HTTP GET requests and is caused by insufficient validation of file paths in getthumb.php. Multiple con...

7.5CVSS7.5AI score0.02377EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/12/20 5:0 p.m.26 views

CVE-2018-1000882

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

7.6AI score0.02377EPSS
Exploits1References3
NVD
NVD
added 2018/11/09 11:29 a.m.18 views

CVE-2018-19124

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files...

7.5CVSS7.7AI score0.02891EPSS
Exploits0References3
NVD
NVD
added 2018/05/14 1:29 p.m.19 views

CVE-2018-0587

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors...

4.3CVSS4.2AI score0.01077EPSS
Exploits0References3
Prion
Prion
added 2018/05/14 1:29 p.m.15 views

Unrestricted file upload

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors...

4CVSS4.6AI score0.01077EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/05/14 1:0 p.m.51 views

CVE-2018-0587

Summary: CVE-2018-0587 affects the WordPress plugin Ultimate Member prior to version 2.0.4. The vulnerability is described as an arbitrary file upload that allows a remote authenticated user to upload arbitrary image files via unspecified vectors. The related documents consistently tie this to th...

4.3CVSS5.2AI score0.01077EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/05/14 1:0 p.m.21 views

CVE-2018-0587

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors...

5.3AI score0.01077EPSS
Exploits0References3
CNVD
CNVD
added 2017/10/31 12:0 a.m.4 views

BIOS Code Execution Vulnerability in Multiple Lenovo Products

The Lenovo 320-17AST and others are computer products from the Chinese company Lenovo.BIOS is one of the basic output-input systems. A security vulnerability exists in the BIOS of several Lenovo products, which stems from the program's failure to properly configure write protection. The...

7.2CVSS7.4AI score0.00337EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/04/01 12:0 a.m.40 views

Mandriva Linux Security Advisory : dokuwiki (MDVSA-2015:185)

Updated dokuwiki packages fix security vulnerabilities : inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call CVE-2014-8761. The ajaxmediadiff function in DokuWiki...

6.5CVSS5.7AI score0.02862EPSS
Exploits0References10
Prion
Prion
added 2014/08/25 1:55 a.m.16 views

Memory corruption

The bootlinuxfrommmc function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...

1.9CVSS7AI score0.00328EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...

7.1AI score
Exploits0
NVD
NVD
added 2013/06/30 7:28 p.m.19 views

CVE-2013-3654

Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SCCheckError.php and data/class/SCFormParam.php, a different vulnerability than CVE-2013-3650...

5CVSS6.5AI score0.01862EPSS
Exploits0References5
Prion
Prion
added 2013/06/30 7:28 p.m.16 views

Directory traversal

Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SCCheckError.php and data/class/SCFormParam.php, a different vulnerability than CVE-2013-3650...

5CVSS6.9AI score0.01862EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2013/06/29 7:0 p.m.35 views

CVE-2013-3654

Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SCCheckError.php and data/class/SCFormParam.php, a different vulnerability than CVE-2013-3650...

6.5AI score0.01862EPSS
Exploits0References5
Rows per page
Query Builder