38 matches found
Path Traversal
Horde IMP is vulnerable to path traversal. The vulnerability is due to insufficient validation of img src URLs, where attackers can bypass the stripos prefix validation by appending traversal sequences after the matching prefix, and read sensitive files whose contents are then exfiltrated as MIME...
CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...
EUVD-2006-2636
Malware in sbrugna...
WordPress plugin Primer MyData for Woocommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
GHSA-RMV2-8JJC-23XW TCPDF Local File Inclusion vulnerability
Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...
TCPDF Local File Inclusion vulnerability
Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...
CVE-2024-51058
Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...
CVE-2024-51058
Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...
CVE-2024-51058
Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...
CVE-2024-51058
CVE-2024-51058 is a Local File Inclusion (LFI) vulnerability in TCPDF. Impact: reading arbitrary server files via an src tag. Affects TCPDF 6.7.5 (per initial description). Exploitation details are not provided beyond the LFI vector; no in‑the‑wild exploitation data is included in the supplied d...
SUSE CVE-2010-0168
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service...
Design/Logic Flaw
An issue was discovered in Ignite Realtime Spark 2.8.3 and the ROAR plugin for it on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the NTLM hashes of the user are sent with the HTTP request. Th...
ds36.ru XSS vulnerability
Vulnerable URL: http://www.ds36.ru/firms/?text=%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1783484 Google Pagerank| 1 VIP...
UBUNTU-CVE-2014-4465
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets CSS token sequences within an SVG file in the SRC attribute of an IMG element...
Kmail <= 1.9.1 (IMG SRC) Remote Denial of Service Vulnerability
No description provided by source. nnp at silenthack.co.uk http://silenthack.co.uk Kmail = 1.9.1 latest suffers from a crash when trying to parse an incorrectly formatted img tag. HTML parsing must be enabled for this. This can be done by going to Settings - Configure Kmail -Security - and tick...
IBM HomePagePrint 1.0 7 Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/763/info Certain versions of the IBM Web page printout software IBM HomePagePrint can in some instances be remotely exploited by malicious webservers. The problem lies in a buffer overflow in the code which handles IMGSRC...
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities
No description provided by source. Exploit Title: Vanilla Forums = 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF Google Dork: n/a Date: 13/4/13 Exploit Author: Henry Hoggard Vendor Homepage: http://vanillaforums.org/ , http://vanillaforums.org/addon/van2shout-plugin Software Link:...
CVE-2009-1339
Cross-site request forgery CSRF vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...
CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...
Double free
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...