119 matches found
DEBIAN-CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
OS Command Injection
im-resize is vulnerble to OS command injection. Lack of validation allows an attacker to inject and execute arbitrary OS commands on the system using a malicious image path value...
OFCMS backend ueditor uploadImage file upload vulnerability
OFCMS is a content management system based on Java technology. A backend ueditor uploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account the file.jsp::$DATA of the...
iOS Image Gatherer
This module collects images from iPhones. Module was tested on iOS 10.3.3 on an iPhone 5. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iOS Image Gatherer', 'Description' = %q This module...
Design/Logic Flaw
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...
CVE-2017-15870
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...
CVE-2017-15870
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...
CVE-2017-15870
CVE-2017-15870 affects Palo Alto Networks GlobalProtect Client/App on macOS up to version 4.0.2 (before 4.0.3). The vulnerability is a local privilege escalation via an image path execution hijacking vector. Exploitation requires local administrative privileges on the compromised host and can gra...
CVE-2017-15870
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...
GlobalProtect App Vulnerability
An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. ref...
CVE-2017-5982
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...
CVE-2017-5982
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...
CVE-2017-5982
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...
The vulnerability of the Ruby Colorscore interpreter extension, which allows a hacker to execute arbitrary code.
The vulnerability of the class initialization method Histogram lib/colorscore/histogram.rb in the Ruby Colorscore extension is related to the lack of measures to clean input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metasymbols in variables like...
Ruby colorscore gem arbitrary code execution vulnerability
Ruby is a cross-platform, object-oriented, dynamically-typed programming language developed by Japanese software developer Yukihiro Matsumoto. colorscore gem is one of the libraries used to distinguish colors. A security vulnerability exists in the 'initialize' method of the Histogram class in th...
MGASA-2015-0421 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload add an infinite number of chunks for a single file upload CVE-2015-8001. ...
WordPress FuneralPress 1.1.6 Cross Site Scripting
WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious script execution as wordpress...
CVE-2007-2053
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 a long LastModified value in an S3 XML response in lib/s3.cpp; 2 a long a path or b bucket in an S3 URL in lib/vnodes3.cpp; or 3 a long c...
McAfee VirusScan 4.5 Unquoted ImagePath Vulnerability
Description The default installation of McAfee VirusScan excludes quotes around the image path eg. ImagePath=C:\Program Files\Common Files\Network Associates\McShield\McShield.exe. Therefore, if a malicious user were to insert a hostile VB executable file named common.exe in C:\Program Files, it...