97 matches found
CVE-2016-10508
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...
phpThumb Server-Side Request Forgery Vulnerability
phpThumb is a PHP class used to generate thumbnails of images. Versions of phpThumb prior to 1.7.12 configure the disable_debug option with a default value of false, which allows remote attackers to perform server-side request forgery (SSRF) attacks via the src parameter...
CVE-2013-6919
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter...
Server side request forgery (SSRF)
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter...
CVE-2013-6919
The CVE-2013-6919 issue affects phpThumb prior to 1.7.12, where the default disable_debug option is incorrectly configured as false, enabling remote attackers to trigger Server-Side Request Forgery (SSRF) via the src parameter. Documented sources confirm the vulnerability condition (default confi...
thegeneanddaveshow.com XSS vulnerability
Open Bug Bounty ID: OBB-48401. Affected Website: thegeneanddaveshow.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention...
Plogger Remote File Disclosure Vulnerability
No description provided by source. Plogger Remote File Disclosure Vulnerability http://www.plogger.org/ dork : Powered by Plogger! author: Mr.tro0oqy yemeni hacker email : [email protected] exp : Line 117: if ($fpsource = @fopen($_GET['src'],'rb'...
iManager Plugin 1.2.8 (lang) - Local File Inclusion Vulnerability
No description provided by source. iManager Plugin v1.2.8 lang Local File Inclusion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: = 1.2.8 Build 02012008 Summary: With iManager you can manage your files/images on your webserver, and it provide...
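Joomla com_flexicontent Remote Code Execution Vulnerability
Joomla is a content management system. This is a known phpthumb vulnerability in the copy of phpthumb bundled with the com_flexicontent package: when parameters are passed to "ImageMagickThumbnailToGD", they are exploited in the "SafeExec" function. 0 Joomla com_flexicontent =2.1.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://www.joomla.org/ ---- POC: Windows-...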
Joomla Flexicontent Remote Code Execution Vulnerability
Joomla Flexicontent component suffers from a code execution vulnerability due to the inclusion of phpthumb. Exploit Title: Joomla com_flexicontent Remote Code Execution Release Date: 08/12/2013 Author: Deepankar Arora And Rafay Baloch Contact: http://rafayhackingarticles.net Vendor:...
Joomla Flexicontent Remote Code Execution
Exploit Title: Joomla com_flexicontent Remote Code Execution Release Date: 08/12/2013 Author: Deepankar Arora And Rafay Baloch Contact: http://rafayhackingarticles.net Vendor: http://www.flexicontent.org/ Versions Affected: 2.1.3 (Latest) and earlier Google Dork: inurl:com_flexicontent ---- Descriptio...
phpThumb 1.7.12 Server Side Request Forgery
phpThumb 'phpThumbDebug' Server Side Request Forgery Google Dork: inurl:phpThumb.php Author: Rafay Baloch And Deepanker Arora Company: RHA InfoSEC Impact: High Vendor: http://phpthumb.sourceforge.net/download Version: 1.7.12 Status: Reported And Fixed =========== Description =========== A server...
PHPThumb - PHPThumb.php Arbitrary File Upload
PHPThumb - PHPThumb.php Arbitrary File Upload source: https://www.securityfocus.com/bid/64041/info phpThumb is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them. An attacker may leverag...
PHPThumb - 'PHPThumb.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/64041/info phpThumb is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them. An attacker may leverage this issue to upload arbitrary files to the...
phpThumb v. <= 1.7.9 Remote Command Injection Exploit
This code exploits a Remote Command Injection vulnerability in phpThumb that allows attackers to upload a shell automatically. #!/usr/bin/perl Exploit Title: phpThumb v. http://mobileworld24.pl/wp-content/themes/mobileworld24/inc/phpThumb/ use LWP::UserAgent; use HTTP::Request; $target = $ARGV[0];...
Wordpress post-gallery Plugin Xss vulnerabilities
The Wordpress post-gallery Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress post-gallery Plugin Xss vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected]...
CVE-2012-2910
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php...