277 matches found
CVE-2019-17096
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...
Command injection
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...
CVE-2019-1010174
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...
CVE-2018-20631
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...
CVE-2018-20631
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...
Path traversal
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...
PT-2019-18402 · Zoneminder +3 · Zoneminder +3
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.3 Description: A stored-self XSS issue exists, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the "index.php?view=zones&action=zoneImage&mid=1" URI...
Fedora 29 : php-tcpdf (2018-ab7b7d0caf)
Version 6.2.25 - Fix support for image URLs. ---- Version 6.2.24 - Support remote urls when checking if file exists. ---- Version 6.2.23 - Simplify fileexists function. ---- Version 6.2.20 - Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization o...
CVE-2018-18087
The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...
Code injection
The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...
CVE-2018-18087
The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...
CVE-2018-18087
The CVE concerns the Pagekit Bixie Portfolio plugin 1.2.0 . Affected component: the portfolio editor’s Image URL field . Root cause: an XSS vulnerability allowing a logged-in user with the Manage portfolio privilege to inject arbitrary script/HTML, triggered by visiting the URL path /portfolio/${...
rusanthropology.org XSS vulnerability
Open Bug Bounty ID: OBB-618471 Description| Value ---|--- Affected Website:| rusanthropology.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
europaplus.ru XSS vulnerability
Open Bug Bounty ID: OBB-618469 Description| Value ---|--- Affected Website:| europaplus.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Instacart: XSS at in instacart.com/store/partner_recipe
Summary Hi team, i found that this endpoint - https://www.instacart.com/store/partnerrecipe? at param imageurl is vulnerable to XSS Reproduction Steps & PoC 1Go to...
CVE-2016-9454
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...
CVE-2016-9454
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...
CVE-2016-9454
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...
Information disclosure
An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server INFORMATION EXPOSURE...
CVE-2016-5813
An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server INFORMATION EXPOSURE...