Lucene search
K

277 matches found

OSV
OSV
added 2020/01/27 5:15 p.m.3 views

CVE-2019-17096

A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...

9.8CVSS7.3AI score0.02074EPSS
Exploits0References1
Prion
Prion
added 2020/01/27 5:15 p.m.15 views

Command injection

A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...

9.3CVSS9.6AI score0.02074EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/07/25 1:12 p.m.23 views

CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

9.7AI score0.04912EPSS
Exploits0References3
OSV
OSV
added 2019/03/21 4:0 p.m.7 views

CVE-2018-20631

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...

5.3CVSS5.9AI score0.01626EPSS
Exploits1References1
NVD
NVD
added 2019/03/21 4:0 p.m.23 views

CVE-2018-20631

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...

5.3CVSS5.4AI score0.01626EPSS
Exploits1References1
Prion
Prion
added 2019/03/21 4:0 p.m.20 views

Path traversal

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...

5CVSS5.5AI score0.01626EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/01/28 12:0 a.m.3 views

PT-2019-18402 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.3 Description: A stored-self XSS issue exists, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the "index.php?view=zones&action=zoneImage&mid=1" URI...

9.8CVSS6.5AI score0.67128EPSS
Exploits46References112
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.17 views

Fedora 29 : php-tcpdf (2018-ab7b7d0caf)

Version 6.2.25 - Fix support for image URLs. ---- Version 6.2.24 - Support remote urls when checking if file exists. ---- Version 6.2.23 - Simplify fileexists function. ---- Version 6.2.20 - Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization o...

5.6AI score
Exploits0References1
NVD
NVD
added 2018/10/09 8:29 p.m.15 views

CVE-2018-18087

The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...

5.4CVSS5.5AI score0.00684EPSS
Exploits1References1
Prion
Prion
added 2018/10/09 8:29 p.m.9 views

Code injection

The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...

3.5CVSS5.6AI score0.00684EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/09 8:0 p.m.19 views

CVE-2018-18087

The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...

5.5AI score0.00684EPSS
Exploits1References1
CVE
CVE
added 2018/10/09 8:0 p.m.39 views

CVE-2018-18087

The CVE concerns the Pagekit Bixie Portfolio plugin 1.2.0 . Affected component: the portfolio editor’s Image URL field . Root cause: an XSS vulnerability allowing a logged-in user with the Manage portfolio privilege to inject arbitrary script/HTML, triggered by visiting the URL path /portfolio/${...

5.4CVSS5.5AI score0.00684EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2018/05/19 7:20 a.m.6 views

rusanthropology.org XSS vulnerability

Open Bug Bounty ID: OBB-618471 Description| Value ---|--- Affected Website:| rusanthropology.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/05/19 7:19 a.m.16 views

europaplus.ru XSS vulnerability

Open Bug Bounty ID: OBB-618469 Description| Value ---|--- Affected Website:| europaplus.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Hacker One
Hacker One
added 2017/05/12 12:41 a.m.42 views

Instacart: XSS at in instacart.com/store/partner_recipe

Summary Hi team, i found that this endpoint - https://www.instacart.com/store/partnerrecipe? at param imageurl is vulnerable to XSS Reproduction Steps & PoC 1Go to...

7AI score
Exploits0
NVD
NVD
added 2017/03/28 2:59 a.m.11 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.4CVSS5.3AI score0.01102EPSS
Exploits0References3
OSV
OSV
added 2017/03/28 2:59 a.m.13 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.4CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 2017/03/28 2:46 a.m.19 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.7AI score0.01102EPSS
Exploits0References3
Prion
Prion
added 2017/02/13 9:59 p.m.8 views

Information disclosure

An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server INFORMATION EXPOSURE...

5CVSS7.2AI score0.01233EPSS
Exploits0References2
NVD
NVD
added 2017/02/13 9:59 p.m.13 views

CVE-2016-5813

An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server INFORMATION EXPOSURE...

5.3CVSS5.6AI score0.01233EPSS
Exploits0References2
Rows per page
Query Builder