75 matches found
CVE-2018-19047
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a 'img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HT...
CVE-2018-19047
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a 'img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HT...
CVE-2018-19047
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a 'img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HT...
CVE-2018-19047
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a 'img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HT...
CVE-2018-19047
CVE-2018-19047 concerns mPDF up to version 7.1.6 where SSRF is possible when mPDF is deployed as a web app that accepts arbitrary HTML. The credible details across connected docs describe an SSRF path demonstrated by an <img src="http://192.168…> trigger calling getImage in Image/ImageProce...
PT-2018-14766 · Mpdf · Mpdf
Name of the Vulnerable Software and Affected Versions: mPDF versions prior to 7.1.7 Description: The issue allows for Server-Side Request Forgery SSRF if mPDF is deployed as a web application that accepts arbitrary HTML. This can be demonstrated by an substring that triggers a call to getImage in...
mPDF <= 5.3 File Disclosure
No description provided by source. Exploit Title: mPDF = 5.3 File Disclosure Google Dork: Please no dork Date: 16th December 2011 Author: ZadYree Software Link: http://www.mpdf1.com/mpdf/download Version: 5.3 and prior Tested on: Multiple CVE : N/A !/usr/bin/perl -U =head1 TITLE mPDF = 5.3 File...
CVE-2011-5219
Directory traversal vulnerability in examples/showcode.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter...
Directory traversal
Directory traversal vulnerability in examples/showcode.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter...
CVE-2011-5219
Directory traversal vulnerability in examples/showcode.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter...
CVE-2011-5219
CVE-2011-5219: A directory traversal flaw affects mPDF
mPDF <= 5.3 file disclosure and fix-vulnerability warning-the black bar safety net
Title: mPDF = 5.3 File Disclosure Author: ZadYree Download address: http://www.mpdf1.com/mpdf/download Affected versions: 5.3 and prior Test platform: multiple !/ usr/bin/perl-U =head1 TITLE mPDF = 5.3 File Disclosure Exploit 0day =head2 SYNOPSIS -- examples/showcode.php --...
mPDF 5.3 File Disclosure
Exploit Title: mPDF = 5.3 File Disclosure Google Dork: Please no dork Date: 16th December 2011 Author: ZadYree Software Link: http://www.mpdf1.com/mpdf/download Version: 5.3 and prior Tested on: Multiple CVE : N/A !/usr/bin/perl -U =head1 TITLE mPDF = 5.3 File Disclosure Exploit 0day =head2...
mPDF 5.3 - File Disclosure
mPDF 5.3 - File Disclosure Exploit Title: mPDF 1; use c...
mPDF <= 5.3 File Disclosure
Exploit for php platform in category web applications Exploit Title: mPDF = 5.3 File Disclosure Google Dork: Please no dork Date: 16th December 2011 Author: ZadYree Software Link: http://www.mpdf1.com/mpdf/download Version: 5.3 and prior Tested on: Multiple CVE : N/A !/usr/bin/perl -U =head1 TITL...