19 matches found
CVE-2025-32320
In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-55944
Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users...
CVE-2024-11219 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthenticated Path Traversal to Arbitrary Image View
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the getimage function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, whi...
Splunk Enterprise security vulnerability
Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.2.x prior to 9.2.3 and 9.1.x prior to 9.1.6, which stems from a low-privileged user being able to view an image on a...
BrewStillery (>=1.0.0 <=6.2.0), Druid_task1 (=0.1.0) +395 more potentially affected by unknown CVE via atk-sys (>=0.10.0 <=0.9.1)
atk-sys CARGO version =0.10.0, =1.0.0, =0.13.2, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =0.1.2, =0.2.0, =0.6.0, =0.21.0, =0.30.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0416...
CVE-2023-40138
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-F7QW-5FGJ-247X Cross-site Scripting and Open Redirect in plone.app.contenttypes
Impact Plone is vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the imageviewfullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link...
PYSEC-2022-21
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the imageviewfullscre...
PT-2022-16115 · Unknown +2 · Products.Atcontenttypes +2
Name of the Vulnerable Software and Affected Versions: Plone versions 2.1 through 4.3 Products.ATContentTypes versions prior to 3.0.6 Description: The issue concerns reflected cross site scripting and open redirect vulnerabilities. An attacker can exploit these by getting a compromised version of...
Horde Groupware Webmail < 5.2.22 XSS Vulnerability - Linux
Horde Groupware Webmail is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2020-8035
Affected software: Horde Groupware Webmail Edition. Vulnerability: stored XSS via SVG image uploads, enabling a remote attacker to obtain access to a victim’s webmail account. Affected versions are Horde Groupware Webmail Edition prior to 5.2.22. Risk details are stated in the connected documents...
Outlook for Android - Attachment Download Directory Traversal
There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file ...
Flickr Image View Detection
Binary data 6971.prm...
CVE-2010-4979
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the imageid parameter...
CVE-2010-4978
Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the imageid parameter...
CVE-2010-4978
CVE-2010-4978 is a Cross-site scripting (XSS) vulnerability in CANDID, affecting the image/view.php handler. The vulnerability is triggered via the image_id parameter, allowing remote attackers to inject arbitrary web script or HTML. Public sources in the connected documents corroborate: the code...
Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
Hi all : 1 PHP Image View 1.0 http://www.onlinetools.org Problems : - XSS - phpinfo; Exploits : - /phpimageview.php?pw=show - /phpimageview.php?pic=javascript:alertdocument.domain 2 NewsPro 1.01 http://www.aspbin.co.uk Problem : - Admin access Exploit : - Set cookie "logged,true" on the...