📄 AVideo getImage.php Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

EUVD-2006-2698

Malware in sbrugna...

YouPHPTube Encoder base64Url multiple command injections

Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...

Lc Flickr Carousel 1.0 File Disclosure

Exploit Title: Lc Flickr Carousel V1.0 = Local File Disclosure Vulnerability Date: 11/07/2012 Author: GoLdM Vendor or Software Link: http://code.google.com/p/lcflickr/downloads/list Version: 1.0 Category:: Local File Disclosure Vulnerability2 Tested on: Xp SP 2 Ex : Lc Flickr Carousel...

Lc Flickr Carousel 1.0 - Local File Disclosure

Lc Flickr Carousel 1.0 - Local File Disclosure Exploit Title: Lc Flickr Carousel V1.0 = Local File Disclosure Vulnerability Date: 11/07/2012 Author: GoLdM Vendor or Software Link: http://code.google.com/p/lcflickr/downloads/list Version: 1.0 Category:: Local File Disclosure Vulnerability2 Tested...