Lucene search

10 matches found

Cvelist
added 2025/09/10 4:6 p.m., 5 views

CVE-2025-20248 Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system...

6 CVSS, 0.00013 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 7:20 a.m., 5 views

CVE-2024-3112

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...

4.9 CVSS, 6.8 AI score, 0.0019 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 3:35 a.m., 11 views

CVE-2011-2772

The getdatarootimagepath function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image...

5 CVSS, 6.8 AI score, 0.00887 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/02/06 4:12 a.m., 8 views

CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

10 CVSS, 9.6 AI score, 0.94467 EPSS
Exploits 30, References 1

Cvelist
added 2023/04/10 2:14 p.m., 15 views

CVE-2023-1381 WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...

9.2 AI score, 0.09508 EPSS
Exploits 2, References 2

Tenable Nessus
added 2021/11/03 12:0 a.m., 83 views

GitLab 7.12.x < 13.8.8 / 13.9.x < 13.9.6 / 13.10.x < 13.10.3 RCE

According to its self-reported version, the instance of GitLab running on the remote web server is prior to 13.8.8, 13.9.x prior to 13.9.6, or 13.10.x prior to 13.10.3. It is, therefore, affected by a remote code execution due to not properly validating image files being passed to a file parser. ...

10 CVSS, 9.6 AI score, 0.94467 EPSS
Exploits 30, References 2

Vulnrichment
added 2021/04/23 5:39 p.m., 5 views

CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

10 CVSS, 9.8 AI score, 0.94467 EPSS
Exploits 30, References 5

seebug.org
added 2014/07/01 12:0 a.m., 31 views

mkportal <= 1.2.1 Multiple Vulnerabilities

No description provided by source. waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1. Author: Janek Vind waraxe. Date: 15. January 2009. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-70.html...

7.1 AI score
Exploits 0

seebug.org
added 2014/05/26 12:0 a.m., 26 views

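Discuz! <=2.5 CSRF defense bypass

Brief description: In Discuz! '.gif', 2 = '.jpg', 3 = '.png'; only the file extension is checked, unlike 3.0 and above, which use a library to check the image format. Proof of vulnerability: Steps: 1. Create an swf that fetches the page source, extracts the formhash, and then uses the formhash to send a request to add a deputy site administrator; save it with a .jpg extension. 2. Register an account, go to /home.php?mod=spacecp&ac=avatar, upload the swf file with the .jpg extension generated in the previous step, and capture the request. The address after upload should look like http://192.168.1.104/ucserver/data/tmp/uploaduid.jpg...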

7.1 AI score
Exploits 0

Packet Storm
added 2009/01/16 12:0 a.m., 38 views

MKPortal 1.2.1 XSS / SQL Injection / File Upload

waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1. Author: Janek Vind "waraxe". Date: 15. January 2009. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-70.html. Description of vulnerable software...

0.5 AI score
Exploits 0