44 matches found
CVE-2017-18439
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243)...
EUVD-2006-3745
Malware in sbrugna...
EUVD-2017-9555
Malware in sbrugna...
in flarum/framework
Description: Avatar URL from OAuth registration is passed to Intervention Image's ImageManager::make function without any validation on URL. Since ImageManager::make allows relative path to read file, it is possible to inject arbitrary inputs like storage/somefile.jpg or even absolute paths like...
Cross site scripting
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php...
CVE-2011-1135
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php...
CVE-2011-1135
Removed by vendor...
Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload Exploit
Exploit for php platform in category web applications Exploit Title: Dokeos 1.8.6.3 and 1.8.6.1- Arbitrary File Upload Google Dork: "Plateforme Dokeos 1.8.6.3 " or 1.8.6.1 Exploit Author: Sohel Yousef Jellyfish security team Vendor Homepage: https://www.dokeos.com/ Software Link:...
Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload
Exploit Title: Dokeos 1.8.6.3 and 1.8.6.1- Arbitrary File Upload Google Dork: "Plateforme Dokeos 1.8.6.3 " or 1.8.6.1 Date: 17/09/2019 Exploit Author: Sohel Yousef Jellyfish security team Vendor Homepage: https://www.dokeos.com/ Software Link: https://www.dokeos.com/ Version: 1.8.6.3 - 1.8.6.1...
CVE-2017-12139
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php...
CVE-2017-11723
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter...
CVE-2017-11723
CVE-2017-11723 affects Xinha 0.96 (as used in Jojo 4.4.0) via the plugins/ImageManager/backend.php component. The underlying issue is a directory traversal vulnerability in the deld parameter, which allows a remote attacker to delete arbitrary folders. No exploitation details are provided in the ...
Image Manager - Shell Upload
The ImageManager WordPress plugin was affected by a Shell Upload security vulnerability...
HTMLArea3 Mambo Module <= 1.5 - Remote Include Vulnerability
No description provided by source. HTMLArea3 addon - ImageManager Author : Ahmad Maulana a.k.a Matdhule Date : July 12th 2006 Location : Indonesia, Jakarta Web : http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt Critical Lvl : Highly critical Impact : System access Where : From Remote...
webAsyst Plugins ImageManager Shell Upload Vulnerability
Exploit for windows platform in category web applications...
Image Uploader Shell Upload
Exploit Title : Image uploader Neturf File Upload Vulnerability + Google Dork : intext:"Powered by: Neturf" inurl:/index.php?Action= + Date : 14/09/2013 + Exploit Author : IranianDarkCodersTeam + Discovered By : am22Hacker Pir + Exploit By : Black.Hack3r + Home : http://www.idc-team.net +...
tinymcpuk xss vulnerability
Exploit Title: tinymcpuk xss vulnerability Google Dork: n/a Date: 1/12/2012 GMT+7 Exploit Author: eidelweiss @randyarios Vendor Homepage:...
CVE-2012-5450
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter...