19 matches found
EUVD-2021-28274
Malicious code in bioql PyPI...
ruby-dragonfly
This repository is an offensive tool for Ruby. It is a highly customizable gem for handling images and other attachments, and is already in use on thousands of websites. The tool is designed to generate image thumbnails in Rails and to manage attachments in web applications. It provides a range o...
WordPress Plugin Gallery - Image and Video Gallery with Thumbnails Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Gallery - Image and Video...
GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
Pimcore XSS Vulnerability
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the pricing rule of the online shop in EcommerceFrameworkBundle, image thumbnails in settings, and video thumbnails in settings...
Cross-site Scripting (XSS) - Stored
Description: pimcore datahub is vulnerable to Stored XSS in multiple places, including: 1. the Pricing Rule of Online Shop in EcommerceFrameworkBundle. Whenever an admin user accesses Pricing Rule, a stored XSS will be triggered. 2. Image Thumbnails in Settings. Whenever an admin user accesses Image...
Nextcloud Android app information disclosure vulnerability (CNVD-2022-18414)
Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers, from the German company Nextcloud. An information disclosure vulnerability exists in versions of Nextcloud Android app prior to 3.17.1. The vulnerability stems from a network system or product that has a configuration and other...
CVE-2021-41166
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
CVE-2021-41166
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
Information disclosure
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
CVE-2021-41166 Permission bypass in Nextcloud Android App
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
CVE-2021-41166
CVE-2021-41166 affects the Nextcloud Android app. An unauthorized app lacking the MANAGE_DOCUMENTS permission may view image thumbnails for images it should not access. The issue is fixed in version 3.17.1; there are no known workarounds. Users and administrators should upgrade to 3.17.1 or later...
Design/Logic Flaw
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
CVE-2018-14059
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
Kanboard Design Vulnerability (CNVD-2017-30939)
Kanboard is open source visual task board software developed by French software developer Frederic Guillot. The software supports customization of the panel according to the business, task dragging and so on. A security vulnerability exists in Kanboard versions prior to 1.0.47. An...
Inserted image filenames are not escaped properly as thumbnails
When you insert an image as a thumbnail into a wiki page, the generated HTML does not properly escape the filename...
Microsoft MSN Messenger 6.2.0137 - .png Remote Buffer Overflow
Microsoft MSN Messenger 6.2.0137 - .png Remote Buffer Overflow // source: https://www.securityfocus.com/bid/12506/info A remotely exploitable buffer overflow exists in MSN Messenger and Windows Messenger. This vulnerability is related to parsing of Portable Network Graphics (PNG) image header data...
Expression Web 4 Service Pack 2 (KB2571841)
Microsoft Expression Web 4 Service Pack 2 (SP2) contains significant fixes and improvements. It includes support for jQuery, image thumbnails in the Folder List panel, a new Snippets panel, universal comment/uncomment, custom toolbars, and custom workspaces...