97 matches found
CVE-2012-2910
CVE-2012-2910 affects SiliSoftware phpThumb() version 1.7.11. The vulnerability is a cross-site scripting (XSS) flaw: remote attackers can inject arbitrary web script or HTML via the following user-supplied parameters in demo/phpThumb.demo.* scripts: (1) dir in phpThumb.demo.random.php and (2) ti...
SiliSoftware PHPThumb() 1.7.11-201108081537 - demoPHPThumb.demo.random.php?dir Cross-Site Scripting
SiliSoftware PHPThumb 1.7.11-201108081537 - demoPHPThumb.demo.random.php?dir Cross-Site Scripting source: https://www.securityfocus.com/bid/53572/info phpThumb is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...
phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability
Summary: phpThumb uses the GD library to create thumbnails from images (JPEG, PNG, GIF, BMP, etc.) on the fly. The output size is configurable (can be larger or smaller than the source), and the source may be the entire image or only a portion of the original image. Description: phpThumb is prone to a...
SiliSoftware PHPThumb() 1.7.11-201108081537 - '/demo/PHPThumb.demo.showpic.php?title' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53572/info phpThumb is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
SiliSoftware phpThumb() 1.7.11 Cross Site Scripting
phpThumb v1.7.11 (dir & title) Cross-Site Scripting Vulnerability Vendor: SiliSoftware Product web page: http://www.silisoftware.com Affected version: 1.7.11-201108081537 Summary: phpThumb uses the GD library to create thumbnails from images (JPEG, PNG, GIF, BMP, etc.) on the fly. The output size is...
phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications phpThumb v1.7.11 dir & title Cross-Site Scripting Vulnerability Vendor: SiliSoftware Product web page: http://www.silisoftware.com Affected version: 1.7.11-201108081537 Summary: phpThumb uses the GD library to create thumbnails from images JPE...
SiliSoftware PHPThumb() 1.7.11-201108081537 - '/demo/PHPThumb.demo.random.php?dir' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53572/info phpThumb is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
SiliSoftware PHPThumb() 1.7.11-201108081537 - demoPHPThumb.demo.showpic.php?title Cross-Site Scripting
SiliSoftware PHPThumb 1.7.11-201108081537 - demoPHPThumb.demo.showpic.php?title Cross-Site Scripting source: https://www.securityfocus.com/bid/53572/info phpThumb is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...
iBrowser Plugin 1.4.1 Cross Site Scripting
iBrowser Plugin v1.4.1 dir Remote Cross-Site Scripting Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: alert'zsl' http://SOMECMS/jscripts/tinymce/plugins/ibrowser/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=alert'zsl'...
iManager Plugin 1.2.8 Arbitrary File Deletion
iManager Plugin v1.2.8 d Remote Arbitrary File Deletion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: = 1.2.8 Build 02012008 Summary: With iManager you can manage your files/images on your webserver, and it provides user interface to most of...
iGallery Plugin 1.0.0 Cross Site Scripting
iGallery Plugin v1.0.0 dir Remote Cross-Site Scripting Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: 1.0.0 Summary: iGallery uses MooTools - image resizing done dynamically using phpThumb - resized images are cached. Desc: iGallery suffers fr...
iManager Plugin 1.2.8 - lang Local File Inclusion
iManager Plugin 1.2.8 - lang Local File Inclusion iManager Plugin v1.2.8 lang Local File Inclusion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: lang.'.php' ; 70: $this - charset = $langcharset; 71: $this - dir = $langdirection; 72: $this -...
iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion
iManager Plugin v1.2.8 d Remote Arbitrary File Deletion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: = 1.2.8 Build 02012008 Summary: With iManager you can manage your files/images on your webserver, and it provides user interface to most of...
iBrowser Plugin 1.4.1 - 'lang' Local File Inclusion
iBrowser Plugin v1.4.1 lang Local File Inclusion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: lang.'.php' ; 70: $this - charset = $langcharset; 71: $this - dir = $langdirection; 72: $this - langdata = $langdata; 73: unset $langdata ; 74:...
iGallery Plugin v1.0.0 (dir) Remote Cross-Site Scripting Vulnerability
Summary: iGallery uses MooTools - image resizing done dynamically using phpThumb - resized images are cached. Description: iGallery suffers from an XSS vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploi...
iBrowser Plugin v1.4.1 (dir) Remote Cross-Site Scripting Vulnerability
Summary: iBrowser is an image browser plugin for WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor developed by net4visions. It allows image browsing, resizing on upload, directory management and more with the integration of the phpThumb image library. Description: iBrowser suffers...
iBrowser Plugin 1.4.1 Local File Inclusion
iBrowser Plugin v1.4.1 lang Local File Inclusion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: lang.'.php' ; 70: $this - charset = $langcharset; 71: $this - dir = $langdirection; 72: $this - langdata = $langdata; 73: unset $langdata ; 74:...
iBrowser Plugin v1.4.1 (lang) Local File Inclusion Vulnerability
Exploit for php platform in category web applications iBrowser Plugin v1.4.1 lang Local File Inclusion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: lang.'.php' ; 70: $this - charset = $langcharset; 71: $this - dir = $langdirection; 72: $this...
phpThumb 'phpThumbDebug' Information Disclosure
No description provided by source. Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure Google Dork: inurl:phpThumb.php Date: 06/05/2011 Author: mook Software Link: http://phpthumb.sourceforge.net/download Version: 1.7.9 Tested on: linux Vulnerability: Information disclosure which...
phpThumb - 'phpThumbDebug' Information Disclosure
Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure Google Dork: inurl:phpThumb.php Date: 06/05/2011 Author: mook Software Link: http://phpthumb.sourceforge.net/download Version: 1.7.9 Tested on: linux Vulnerability: Information disclosure which includes absolute system paths, os...