Lucene search
+L

340 matches found

Hacker One
Hacker One
added 2016/03/11 9:42 p.m.15 views

Imgur: Local file read in image editor

Filepaths were able to traverse up outside of their intended directory when using the /edit/process API endpoint. Insufficient imageid filtration in image editor allowed an attacker to read arbitrary files. An attacker could read files by setting file path in imageid GET param in /edit/process AP...

1.9AI score
Exploits0
n0where
n0where
added 2016/02/03 5:31 a.m.35 views

UEFI firmware image viewer and editor: UEFITool

It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool ‘s structure mode with some additional features, but the program’s engine was prove...

7AI score
Exploits0References2
seebug.org
seebug.org
added 2015/09/07 12:0 a.m.24 views

WordPress Aviary Image Editor Add On For Gravity Forms Plugin 3.0 /includes/upload.php File Upload

No description provided by source...

7.1AI score
Exploits0
CVE
CVE
added 2015/07/01 2:0 p.m.49 views

CVE-2014-1836

ImpressCMS 1.3.5 and earlier contain an absolute path traversal in htdocs/libraries/image-editor/image-edit.php via the image_path parameter in a cancel action, enabling remote attackers to delete arbitrary files. This is associated with CVE-2014-1836 and is documented in multiple advisories (GHS...

6.4CVSS6.8AI score0.03711EPSS
Exploits3References5Affected Software1
exploitpack
exploitpack
added 2015/06/12 12:0 a.m.31 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site:...

0.8AI score
Exploits0
Patchstack
Patchstack
added 2015/06/12 12:0 a.m.23 views

WordPress Aviary Image Editor Add On For Gravity Forms Plugin - Beta Shell Upload

The remote file upload vulnerability is in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. Because of this vulnerability anyone can upload any file to the system. Solution Upgrade the plugin...

9.8CVSS3.2AI score0.40595EPSS
Exploits3References1Affected Software1
Exploit DB
Exploit DB
added 2015/06/12 12:0 a.m.53 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/06/11 12:0 a.m.59 views

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload Exploit

WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07...

7.5CVSS0.2AI score0.40595EPSS
Exploits3
Packet Storm
Packet Storm
added 2015/06/11 12:0 a.m.47 views

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...

0.1AI score0.40595EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2015/06/09 12:0 a.m.31 views

Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File Upload

There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary...

7.5CVSS4.2AI score0.40595EPSS
Exploits3References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

CityPost PHP Image Editor M4 URI Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13260/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

CityPost PHP Image Editor Imgsrc URI Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13259/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.37 views

FreeVimager 4.1.0 Crash PoC

No description provided by source. !/usr/bin/perl FreeVimager 4.1.0 = WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.contaware.com Vendor Decription: This is a Free & Fast Image Viewer and Editor for Windows. It can as well play avi video...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Sitefinity CMS (ASP.NET) Shell Upload Vulnerability

No description provided by source. ============================================================= Sitefinity CMS ASP.NET Shell Upload Vulnerability ============================================================= Exploit Title: Sitefinity CMS ASP.NET Shell Upload Vulnerability DDate: 16/11/2010 Autho...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

CityPost PHP Image Editor M2 URI Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13257/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...

7.1AI score
Exploits0
OSV
OSV
added 2013/12/12 6:55 p.m.5 views

DEBIAN-CVE-2013-1913

Integer overflow in the loadimage function in file-xwd.c in the X Window Dump XWD plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large color entries value in an X Window Syste...

6.8CVSS7.6AI score0.04066EPSS
Exploits0References1
OSV
OSV
added 2012/12/18 1:55 a.m.3 views

DEBIAN-CVE-2012-5576

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump XWD plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large 1 red, 2 green, or 3 blue color mask in an XWD file...

7.5CVSS8.1AI score0.06813EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2012/08/20 1:25 p.m.12 views

plug-in): heap buffer overflow when loading external palette files

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."...

6.8CVSS6.4AI score0.04954EPSS
Exploits0References4
exploitpack
exploitpack
added 2012/06/23 12:0 a.m.20 views

SilverStripe CMS Pixlr Image Editor - upload.php Arbitrary File Upload

SilverStripe CMS Pixlr Image Editor - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/54172/info Pixlr Image Editor is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplie...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2012/06/23 12:0 a.m.17 views

Silverstripe Pixlr Image Editor 1.0.4 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

7.4AI score
Exploits0
Rows per page
Query Builder