98 matches found
CVE-2025-54175 Reflected Cross-Site Scripting in QuickCMS.EXT
QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...
Linux Distros Unpatched Vulnerability : CVE-2023-36674
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypa...
CVE-2018-9379
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-19322
Name of the Vulnerable Software and Affected Versions Synology Router Manager SRM affected versions not specified FileStation affected versions not specified Description A security issue exists in Synology Router Manager SRM related to insufficient protection of service data. Remote attackers may...
CVE-2025-1186
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...
XunRuiCMS 代码问题漏洞
XunRuiCMS XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code issue vulnerability exists in XunRuiCMS version 4.6.4 and prior versions, which stems from a deserialization issue contained in the thumb parameter of /Control/Api/Api.php...
CVE-2018-9379
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
SUSE CVE-2021-47618
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...
MajorDoMo 安全漏洞
MajorDoMo is an open source DIY smart home automation platform from the MajorDoMo community. A security vulnerability exists in versions prior to MajorDoMo v.0662e5e. An attacker exploited the vulnerability to escalate privileges via the thumb/thumb.php component...
CVE-2024-29810
The thumburl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumburl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...
PT-2024-23056 · WordPress · Admin-Ajax.Php
Name of the Vulnerable Software and Affected Versions: admin-ajax.php affected versions not specified Description: The issue concerns a reflected Cross Site Scripting vulnerability in the thumb url parameter of the AJAX call to the editimage bwg action of admin-ajax.php. This allows an attacker t...
The vulnerability of the implementation of the thumb.php script module on the thumb platform for creating the “Smart Home” MajorDoMo system allows a violator to execute arbitrary commands.
The vulnerability of the thumb.php script implementation in the thumb module of the “Smart Home” MajorDoMo platform is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-50917
MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...
PT-2023-7967 · Majordomo · Majordomo
Name of the Vulnerable Software and Affected Versions: MajorDoMo version before 0662e5e Description: The issue is related to the thumb.php module in MajorDoMo, which allows command execution via shell metacharacters. This can be exploited by a remote attacker to execute arbitrary commands. The...
CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
DEBIAN-CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
UBUNTU-CVE-2023-36674
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...
PT-2023-25673 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.11 MediaWiki versions 1.36.x through 1.38.x before 1.38.7 MediaWiki versions 1.39.x before 1.39.4 MediaWiki versions 1.40.x before 1.40.1 Description: An issue was discovered in MediaWiki. It is possible to...
FreeBSD : mediawiki -- multiple vulnerabilities (95dad123-180e-11ee-86ba-080027eda32c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 95dad123-180e-11ee-86ba-080027eda32c advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...
What Old is New Again and What's Old is Me?
Welcome to this weeks edition of the Threat Source newsletter. Whats old is new again and whats old is still old. The fact that we are seeing a comeback of this USB thumb drive nonsense is giving me heartburn, and a headache, and my left eye is twitching … and maybe numbness in my legs? Yes, I am...