21 matches found
EUVD-2026-23864
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly...
CVE-2026-6649
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly...
CVE-2026-6649 Qibo CMS headers server-side request forgery
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly...
CVE-2018-25158
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...
GetSimpleCMS Cross-Site Scripting Vulnerability
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in admin/upload.php in GetSimple CMS version 3.3.16. The vulnerability can be exploited to conduct cross-site scripting attacks by adding comments to the...
CVE-2020-7696
This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: {host: "somehost.com", authorization: "..."}}} is loaded, all other subsequent images will use the same headers; this can lead to signing credentials or other session tokens being leaked to...
Information Exposure
Overview: react-native-fast-image is a FastImage, performant React Native image component. Affected versions of this package are vulnerable to Information Exposure. When an image with source={{uri: "...", headers: {host: "somehost.com", authorization: "..."}}} is loaded, all other subsequent images will...
Kubik-Rubik Simple Image Gallery Extended Cross-Site Scripting Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other features. The Kubik-Rubik Simple Image Gallery Extended (SIGE) extension is one of its image management extension components. A cross-si...
RHEL 6 : gegl (RHSA-2012:1455)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1455 advisory. GEGL (Generic Graphics Library) is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was fou...
Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories
OPCOM Team | December 16, 2008. Severity: Extremely Severe. Problem Description: A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code. Opera’s Response: Opera Software has...
CVE-2008-2426
Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loaderpnm.c; or (2) a crafted XPM...
Ubuntu 4.10 / 5.04 : tiff vulnerability (USN-156-1)
Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the 'YCbCr subsampling' value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which caused the program that uses the TIFF library to crash. This leads to a...
Mandrake Linux Security Advisory : wxPythonGTK (MDKSA-2005:144)
Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the 'YCbCr subsampling' value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash. wxPythonGTK uses a...
Mandrake Linux Security Advisory : libtiff (MDKSA-2005:142)
Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the 'YCbCr subsampling' value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash. The updated packag...
[USN-156-1] TIFF vulnerability
Ubuntu Security Notice USN-156-1, July 29, 2005: tiff vulnerability (https://bugzilla.ubuntu.com/showbug.cgi?id=12008). A security issue affects the following Ubuntu releases: Ubuntu...
FreeBSD : zgv -- exploitable heap overflows (249a8c42-6973-11d9-ae49-000c41e2cdad)
infamous41md reports: zgv uses malloc frequently to allocate memory for storing image data. When calculating how much to allocate, user-supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small...
CVE-2004-1095
Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c, (7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be...