5 matches found
CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image...
Medical Hub Directory Site 1.0 Shell Upload
Title: Medical Hub Directory Site 1.0 Shell Upload Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
Cross-site Scripting (XSS)
October CMS is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the brand logo image name, allowing a malicious user to inject and execute arbitrary JavaScript...
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser...
Batch Picture Watemark 1.0 (.jpg File) Local Crash PoC
Exploit for unknown platform in category dos / poc. Batch Picture Watemark 1.0 .jpg File Local Crash PoC. Anti-Security Research Team & Security Institute. Bug: Batch Picture Watemark v1....