
36 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-2636

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.0127 EPSS
Exploits: 0 | References: 15
CNNVD
added 2024/12/13 12:0 a.m. | 1 views

WordPress plugin Primer MyData for Woocommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1 CVSS | 8 AI score | 0.01302 EPSS
Exploits: 0 | References: 2
OSV
added 2024/11/26 6:38 p.m. | 7 views

GHSA-RMV2-8JJC-23XW TCPDF Local File Inclusion vulnerability

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...

6.9 CVSS | 6.1 AI score | 0.00049 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2024/11/26 6:38 p.m. | 16 views

TCPDF Local File Inclusion vulnerability

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...

6.2 CVSS | 6.7 AI score | 0.00049 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2024/11/26 6:15 p.m. | 17 views

CVE-2024-51058

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...

6.2 CVSS | 0.00049 EPSS
Exploits: 0 | References: 4
CVE
added 2024/11/26 12:0 a.m. | 57 views

CVE-2024-51058

CVE-2024-51058 is a Local File Inclusion (LFI) vulnerability in TCPDF. Impact: reading arbitrary server files via an src tag. Affects TCPDF 6.7.5 (per initial description). Exploitation details are not provided beyond the LFI vector; no in‑the‑wild exploitation data is included in the supplied d...

6.2 CVSS | 6.8 AI score | 0.00049 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2024/11/26 12:0 a.m. | 12 views

CVE-2024-51058

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...

0.00049 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/11/26 12:0 a.m. | 14 views

CVE-2024-51058

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...

6.8 AI score | 0.00049 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 6:0 a.m. | 2 views

SUSE CVE-2010-0168

The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service...

7.6 CVSS | 8.5 AI score | 0.12288 EPSS
Exploits: 1 | References: 3
Prion
added 2020/05/12 8:15 p.m. | 21 views

Design/Logic Flaw

An issue was discovered in Ignite Realtime Spark 2.8.3 and the ROAR plugin for it on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the NTLM hashes of the user are sent with the HTTP request. Th...

6.8 CVSS | 8.5 AI score | 0.00842 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Openbugbounty
added 2015/07/12 8:25 a.m. | 8 views

ds36.ru XSS vulnerability

Vulnerable URL: http://www.ds36.ru/firms/?text=%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1783484
Google Pagerank| 1

VIP...

6.3 AI score
Exploits: 0
OSV
added 2014/12/10 9:59 p.m. | 0 views

UBUNTU-CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

5 CVSS | 5.8 AI score | 0.00977 EPSS
Exploits: 0 | References: 4
seebug.org
added 2014/07/01 12:0 a.m. | 8 views

Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities

No description provided by source. Exploit Title: Vanilla Forums = 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF Google Dork: n/a Date: 13/4/13 Exploit Author: Henry Hoggard Vendor Homepage: http://vanillaforums.org/ , http://vanillaforums.org/addon/van2shout-plugin Software Link:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

IBM HomePagePrint 1.0 7 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/763/info Certain versions of the IBM Web page printout software IBM HomePagePrint can in some instances be remotely exploited by malicious webservers. The problem lies in a buffer overflow in the code which handles IMGSRC...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

Kmail <= 1.9.1 (IMG SRC) Remote Denial of Service Vulnerability

No description provided by source. nnp at silenthack.co.uk http://silenthack.co.uk Kmail = 1.9.1 latest suffers from a crash when trying to parse an incorrectly formatted img tag. HTML parsing must be enabled for this. This can be done by going to Settings - Configure Kmail -Security - and tick...

7.1 AI score
Exploits: 0
UbuntuCve
added 2009/04/30 8:30 p.m. | 10 views

CVE-2009-1339

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...

6 CVSS | 5.9 AI score | 0.00362 EPSS
Exploits: 1 | References: 2
NVD
added 2008/12/10 6:44 a.m. | 9 views

CVE-2008-5402

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...

10 CVSS | 7.5 AI score | 0.1877 EPSS
Exploits: 0 | References: 10
Prion
added 2008/12/10 6:44 a.m. | 10 views

Double free

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...

10 CVSS | 7.9 AI score | 0.1877 EPSS
Exploits: 0 | References: 10 | Affected Software: 2
CVE
added 2008/12/09 11:0 a.m. | 45 views

CVE-2008-5402

Trillian has a CVE-2008-5402 vulnerability: a double-free in the XML parser before version 3.1.12.0 can enable remote code execution via crafted XML (notably the IMG SRC ID payload). Public sources (ZDI-08-078, OpenVAS entries, and NVD record) corroborate a remote memory corruption/ARiC condition...

10 CVSS | 7.5 AI score | 0.1877 EPSS
Exploits: 0 | References: 10 | Affected Software: 4
Saint
added 2008/01/15 12:0 a.m. | 28 views

Novell GroupWise Client IMG SRC buffer overflow

Added: 01/15/2008
CVE: CVE-2007-6435
BID: 26875
OSVDB: 40870

Background: Novell GroupWise is an e-mail and collaboration product suite.

Problem: A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a...

9.3 CVSS | 6.8 AI score | 0.38755 EPSS
Exploits: 5