45 matches found
SLims Code Issue Vulnerability
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A code issue vulnerability exists in SLims version 9.6.0, which stems from a...
Server-side Request Forgery (SSRF)
github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists due to unsafe sanitation of the imageURL parameter, which allows an attacker to cause server-side request forgery...
GHSA-9X7H-GGC3-XG47 imgproxy is vulnerable to Server-Side Request Forgery
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
imgproxy 代码问题漏洞
imgproxy is imgproxy individual developer's fast and secure standalone server for tweaking and converting remote images. A security vulnerability exists in imgproxy version 3.14.0 and earlier versions, which stems from a lack of cleanup of the imageURL parameter...
PT-2023-22513 · Imgproxy · Imgproxy
Name of the Vulnerable Software and Affected Versions: imgproxy versions 3.14.0 and earlier imgproxy prior to version 3.15.0 Description: The issue is related to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter. This allows for potential exploitation...
CVE-2023-30019
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
PT-2021-14692 · Jenkins · Jenkins Dashboard View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dashboard View Plugin versions 2.15 and earlier Jenkins Dashboard View Plugin versions prior to 2.16 Jenkins Dashboard View Plugin version 2.12.1 and earlier Description: The issue is related to a stored cross-site scripting XSS...
CVE-2021-29490
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
Server side request forgery (ssrf)
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
Emby Server Cross-Site Request Forgery Vulnerability
Emby Server is a personal media server software that supports storing, managing, and streaming personal media content with support for multiple device access. Emby Server suffers from a cross-site request forgery vulnerability that allows an attacker to use SSRF via the ImageURL parameter of...
CVE-2020-26948
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...
Server side request forgery (ssrf)
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...
CVE-2020-26948
The CVE-2020-26948 issue affects Emby Server prior to version 4.5.0. The Nuclei template confirms a server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter. The vulnerability enables the server to make requests to internal resources, with the CVSS 3.1 vector CVSS:3....
WordPress Vertical Image Slider 1.0 CSRF / XSS
漏洞影响:Vertical Image Slider 1.0 https://wordpress.org/plugins/wp-vertical-image-slider/漏洞说明:Vertical Image Slider 1.0 对imagetitle和imageurl 变量没有进行过滤导致存在CSRF和XSS漏洞。问题代码:...
DjVu DjVu_ActiveX_MSOffice.dll ActiveX ComponentBuffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'DjVu...
Fedora 10 : mapserver-5.2.3-1.fc10 (2009-9243)
Changelog is: Changing imagepath and imageurl no longer allowed via URL 1836 New fix for incomplete CVE-2009-0840 security fix made in 5.2.2 2943 Fixed seg fault if font not found with label ANGLE FOLLOW 2973 Note that Tenable Network Security has extracted the preceding description block directl...
Buffer overflow
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office DjVuActiveXMSOffice.dll allows remote attackers to execute arbitrary code via a long 1 ImageURL property, and possibly the 2 Mode, 3 Page, or 4 Zoom properties...