Malicious code in 0ctf-chalweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d7a129ab6079febb92ceac3587af97653477bce8a65b8e85bfa5bcae0293b0d The package's entire content xss.js is a 2-line cookie-stealing payload that creates an Image element pointing to...

Exploit for Improper Input Validation in Tecrail Responsive_Filemanager

POC-CVE-2020-10567 RCE poc - RESPONSIVE filemanager v.9.14.0...

CVE-2026-25579

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

EUVD-2012-2667

Malware in sbrugna...

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

CVE-2020-12772

An issue was discovered in Ignite Realtime Spark 2.8.3 and the ROAR plugin for it on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the NTLM hashes of the user are sent with the HTTP request. Th...

CVE-2017-9391

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "requestimage" as one of the service actions for ...

CVE-2017-9392

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "requestimage" as one of the service actions for ...

Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to...

Cross site request forgery (csrf)

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...

CVE-2012-2685

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...