8 matches found
EUVD-2007-4185
Malware in sbrugna...
EUVD-2009-0660
Malware in sbrugna...
UBUNTU-CVE-2024-8373
Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/ContentSpoofing). This issue affects all versions of...
Slack: Content Spoofing
Here is an unvalidated insertion of an image, resulting in content spoofing: https://awayon.slack.com/account/photo?url=http://www.thenewstribe.com/wp-content/uploads/2014/01/Syrian-Electronic-Army-hacked-CNN.jpg It displays any photo; what the attacker must know is just the "awayon" or the team...
HackerOne: Pixel flood attack
Hey guys, I just found a way to make your service timeout. I didn't know if I should put this under the Internet section or just the HackerOne section, because the exploit also crashes my Windows Image Viewer. A lot of other services should be vulnerable as well. For the sake of responsible...
Design/Logic Flaw
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image...
CVE-2007-4202
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image...
Image drag and drop executable spoofing — Mozilla
Images dragged and dropped from a webpage to the desktop preserved their original name and extension. If this were an executable extension then the file would be executed rather than opened in a media application...