WordPress plugin wpForo Forum cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-25728
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...
CVE-2026-25728 ClipBucket v5 Affected by Remote Code Execution via Avatar/Background File Upload Race Condition
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...
ClipBucket security vulnerability
ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 – version 40 – contained a security vulnerability. This vulnerability stemmed from a race condition in the upload function for...
CVE-2023-53924
Summary of CVE-2023-53924 (UliCMS 2023.1-sniffing-vicuna): authenticated users can upload PHP files with a .phar extension via profile avatar uploads, enabling remote code execution when the uploaded file is accessed. Affects UliCMS 2023.1-sniffing-vicuna; impact includes potential full system co...
EUVD-2025-26608
Malicious code in bioql PyPI...
Fiora security vulnerability
Fiora is a chat application by the individual developer yinxin630. A security vulnerability exists in Fiora version 1.0.0, which stems from the user avatar upload feature not validating the content of SVG files, which could lead to the execution of arbitrary JavaScript code...
CVE-2025-57292
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata...
PT-2024-34376 · Unknown · Python Book
Name of the Vulnerable Software and Affected Versions: python book version V1.0 Description: The issue concerns an arbitrary file upload vulnerability in the user avatar upload function. This vulnerability allows for the upload of arbitrary files, which could potentially lead to security issues...
CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...
PT-2022-25662 · Tooljet · Tooljet
Name of the Vulnerable Software and Affected Versions: tooljet/tooljet versions prior to 1.27 Description: The issue allows a logged-in attacker to upload large files, such as profile pictures over 2MB, because no file size limit is enforced. This can lead to a denial of service (DoS) if multiple...
PT-2021-11668 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server and Data Center versions prior to 7.2.0 Description: The issue allows remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. Recommendation...
Hiro: EXIF Geolocation Data Not Stripped From Uploaded Images
The Blockstack Browser does not strip EXIF data on avatar uploads...
Cross-site scripting vulnerability in FineCMS latest version 2.1.5
FineCMS is a content management system based on PHP+MySQL. The latest version of FineCMS, version 2.1.5, has a cross-site scripting vulnerability; the vulnerability stems from insufficient filtering of user-submitted input in front-end avatar uploads, and an attacker can exploit the vulnerability...
phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PhpBB = v2.0.20 \Admin/Restore Database/defaultlang remote commands execution\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo - you need an admin sid, works regardless of...
ImgPals Photo Host Version 1.0 Admin Account Disactivation
-=--------------------ADVISORY-------------------=- ImgPals Photo Host Version 1.0 STABLE Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: ImgPals Photo Host -=+ Version: 1.0 STABLE -=+ Vendor's URL:...
x7chatphp.txt
!/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host:...
X7 Chat 2.0 - help_file Remote Command Execution
X7 Chat 2.0 - helpfile Remote Command Execution !/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php...
X7 Chat <= 2.0 (help_file) Remote Commands Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "X7 Chat =2.0 "helpfile" arbitrary local inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "- works regardless of magicquotesgpc settings\r\n"; echo " if avatar...
phpBB2 Showing users' IP addresses
phpBB2 Showing users' IP addresses -------------------------------------------- Affected Program: phpBB2 version 2.0.0, 2.0.1, 2.0.3 possibly earlier versions too, but not tested Vendor: http://www.phpbb.com Vendor Status: not informed yet Discovery Date: 9 oct 2002 Severity -------- All users can...