7-Zip 缓冲区错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.11 to 26.00 of 7-Zip contain a buffer error vulnerability. This vulnerability stems from the File Identifier Descriptor parser in the UDF disc image processor, where a heap out-of-bounds read occurs, potentially leading t...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of prohibition for private IOCTL commands in the atomic ISP driver, potentially leading ...

[SECURITY] Fedora 44 Update: rawtherapee-5.12-8.fc44

Rawtherapee is a RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format...

CVE-2022-26427

In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540...

CVE-2022-26426

In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486...

MediaTek 芯片 缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A buffer error vulnerability exists in the MediaTek chips, which stems from a lack of boundary checking in the camera isp, resulting in an out-of-bounds read. An attacker could exploit this vulnerability to obtain...

MediaTek camera isp 缓冲区错误漏洞

MediaTek camera isp is an image signal processor from MediaTek, a Chinese company. MediaTek camera isp suffers from a buffer error vulnerability that stems from a lack of boundary checking, which could result in out-of-bounds writes. This could result in a local privilege escalation that requires...

PT-2022-15133 · Mediatek +1 · Mt6833 +1

Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned in the provided descriptions. Description: In the camera ISP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with Syste...

MediaTek cameraisp 缓冲区错误漏洞

MediaTek cameraisp is an image processor from China's MediaTek Mediatek. It is used to improve the quality of pictures. A buffer overflow vulnerability exists in MediaTek cameraisp that can be exploited by an attacker to elevate privileges...

PT-2018-14766 · Mpdf · Mpdf

Name of the Vulnerable Software and Affected Versions: mPDF versions prior to 7.1.7 Description: The issue allows for Server-Side Request Forgery SSRF if mPDF is deployed as a web application that accepts arbitrary HTML. This can be demonstrated by an substring that triggers a call to getImage in...

Unspecified Cross-Site Scripting Vulnerability in Zenphoto

Zenphoto is a free photo gallery content management system developed by the Zenphoto team. The system manages images and supports multimedia such as audio and video. A cross-site scripting vulnerability exists in the image processor of Zenphoto versions prior to 1.4.7. A remote attacker can explo...

Wordpress N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: website contact form with file upload 1.5 Exploit Local File Inclusion Google Dork: inurl:"/plugins//website-contact-form-with-file-upload/" Date: 07.05.2015 Exploit Author: T3N38R15 Software Link:...

Cross site scripting

Cross-site scripting XSS vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-2948

Cross-site scripting XSS vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-2948

Zenphoto prior to version 1.4.8 contains a cross-site scripting (XSS) vulnerability in the image processor (CVE-2015-2948). This allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially executing in a user’s browser. The vulnerability affects Zenphoto 1....

WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion

WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion Exploit Title: website contact form with file upload 1.5 Exploit Local File Inclusion Google Dork: inurl:"/plugins//website-contact-form-with-file-upload/" Date: 07.05.2015 Exploit Author: T3N38R15 Software...

WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion

Exploit Title: website contact form with file upload 1.5 Exploit Local File Inclusion Google Dork: inurl:"/plugins//website-contact-form-with-file-upload/" Date: 07.05.2015 Exploit Author: T3N38R15 Software Link: https://wordpress.org/plugins/website-contact-form-with-file-upload/ Version: 1.5...

GLSA-200510-26 : XLI, Xloadimage: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200510-26 XLI, Xloadimage: Buffer overflow When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported...

CVE-2004-0753

The BMP image processor for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service infinite loop via a crafted BMP file...

CVE-2004-0753

The BMP image processor for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service infinite loop via a crafted BMP file...