82 matches found
WordPress plugin Debug Tool security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Wechat Social login code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...
PT-2024-21049 · Unknown · Pandaxgo Pandax
Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been identified, affecting the DeleteImage function in the /apps/system/router/upload.go file. The vulnerability can be exploited by manipulating the fileName argument with a...
kernel: usb: idmouse: fix an uninit-value in idmouse_open
A use of uninitialized memory was found in the Linux kernel's idmouse USB fingerprint reader driver. In idmouse_create_image, when any ftip_command fails, control jumps to the reset label but leaves bulk_in_buffer data uninitialized. The subsequent check for a valid image then dereferences this...
PT-2023-23737 · Zhong Bang · Zhong Bang Crmeb
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB versions up to 4.6.0 Description: A vulnerability was found in the function put image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2023-1956
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=deleteimg of the component Image Handler. The manipulation of the argument path leads to path...
Remote code execution
LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function...
CVE-2023-1467
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=deleteimg of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt...
SUSE CVE-2017-12937
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read...
SUSE CVE-2018-18544
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31...
CVE-2022-46599
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogonum parameter in the icpsetlogoimg sub41DBF4 function...
CVE-2022-32328
Fast Food Ordering System v1.0 is vulnerable to Delete any file via /ffos/classes/Master.php?f=deleteimg...
CVE-2022-31973
Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...
CVE-2022-26645
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function...
PT-2022-17977
Name of the Vulnerable Software and Affected Versions: Online Banking System Protect version 1.0 Description: A remote code execution issue allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. Recommendations: For Online Banking System Protect...
YzmCMS code issue vulnerability
YzmCMS is a lightweight open source content management system based on PHP Mysql architecture developed solely by Yuan Zhimeng. A server-side request forgery vulnerability exists in the grabimage function in YzmCMS version 5.5. No detailed vulnerability details are provided...
CVE-2021-39609
Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function...
ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS
A buffer overflow vulnerability in p_print_image in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51...
CVE-2021-28203
The Web Set Media Image function in ASUS BMC's firmware Web management page does not filter the specific parameter. After obtaining administrator permission, remote attackers can launch command injection to execute arbitrary commands...