340 matches found
Imgur: Local file read in image editor
Filepaths were able to traverse up outside of their intended directory when using the /edit/process API endpoint. Insufficient imageid filtration in image editor allowed an attacker to read arbitrary files. An attacker could read files by setting file path in imageid GET param in /edit/process AP...
UEFI firmware image viewer and editor: UEFITool
It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool ‘s structure mode with some additional features, but the program’s engine was prove...
WordPress Aviary Image Editor Add On For Gravity Forms Plugin 3.0 /includes/upload.php File Upload
No description provided by source...
CVE-2014-1836
ImpressCMS 1.3.5 and earlier contain an absolute path traversal in htdocs/libraries/image-editor/image-edit.php via the image_path parameter in a cancel action, enabling remote attackers to delete arbitrary files. This is associated with CVE-2014-1836 and is documented in multiple advisories (GHS...
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site:...
WordPress Aviary Image Editor Add On For Gravity Forms Plugin - Beta Shell Upload
The remote file upload vulnerability is in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. Because of this vulnerability anyone can upload any file to the system. Solution Upgrade the plugin...
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload Exploit
WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07...
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...
Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File Upload
There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary...
CityPost PHP Image Editor M4 URI Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13260/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...
CityPost PHP Image Editor Imgsrc URI Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13259/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...
FreeVimager 4.1.0 Crash PoC
No description provided by source. !/usr/bin/perl FreeVimager 4.1.0 = WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.contaware.com Vendor Decription: This is a Free & Fast Image Viewer and Editor for Windows. It can as well play avi video...
Sitefinity CMS (ASP.NET) Shell Upload Vulnerability
No description provided by source. ============================================================= Sitefinity CMS ASP.NET Shell Upload Vulnerability ============================================================= Exploit Title: Sitefinity CMS ASP.NET Shell Upload Vulnerability DDate: 16/11/2010 Autho...
CityPost PHP Image Editor M2 URI Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13257/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...
DEBIAN-CVE-2013-1913
Integer overflow in the loadimage function in file-xwd.c in the X Window Dump XWD plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large color entries value in an X Window Syste...
DEBIAN-CVE-2012-5576
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump XWD plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large 1 red, 2 green, or 3 blue color mask in an XWD file...
plug-in): heap buffer overflow when loading external palette files
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."...
SilverStripe CMS Pixlr Image Editor - upload.php Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/54172/info Pixlr Image Editor is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplie...
Silverstripe Pixlr Image Editor 1.0.4 Shell Upload
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...