Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exif vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-15740
An issue exists in GitLab Community and Enterprise Edition 7.9 up to and including 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
Gitlab Gitlab
NA
CVE-2005-3883
CRLF injection vulnerability in the mb_send_mail function in PHP prior to 5.1.0 might allow remote malicious users to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Php Php 4.0.7
Php Php 4.1.0
Php Php 4.2
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.6
Php Php 4.3.7
Php Php 5.0.2
Php Php 5.0.3
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.10
Php Php 4.3.11
Php Php 4.3.8
Php Php 4.3.9
Php Php 5.0.4
Php Php 5.0.5
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.4
Php Php 4.3.5
Php Php 5.0.0
NA
CVE-2005-2676
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery prior to 1.3.4 allows remote malicious users to inject arbitrary web script or HTML via EXIF data.
Coppermine Coppermine Photo Gallery 1.0 Rc3
Coppermine Coppermine Photo Gallery 1.1 .0
Coppermine Coppermine Photo Gallery 1.3
Coppermine Coppermine Photo Gallery 1.3.2
Coppermine Coppermine Photo Gallery 1.3.3
Coppermine Coppermine Photo Gallery 1.1 Beta 2
Coppermine Coppermine Photo Gallery 1.2.1
Coppermine Coppermine Photo Gallery 1.2
Coppermine Coppermine Photo Gallery 1.2.2 B
9.1
CVSSv3
CVE-2019-11036
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Php Php
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Software Collections 1.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
NA
CVE-2005-2735
Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and previous versions allows remote malicious users to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Phpgraphy Phpgraphy 0.9.9a
NA
CVE-2005-2736
Cross-site scripting (XSS) vulnerability in YaPig 0.95 and previous versions allows remote malicious users to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Yapig Yapig 0.92b
Yapig Yapig 0.93u
Yapig Yapig 0.94u
Yapig Yapig 0.95
Yapig Yapig 0.95b
NA
CVE-2005-2737
Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote malicious users to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Photopost Photopost Php Pro 5.1
7.5
CVSSv3
CVE-2023-29850
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows malicious users to obtain information such as the user's geolocation and device information.
Slims Senayan Library Management System 9.5.2
7.8
CVSSv3
CVE-2016-3822
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-08-01, allows remote malicious users to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafte...
Google Android 6.0.1
Google Android 6.0
Google Android 4.1.2
Google Android 4.1
Google Android 4.0.4
Google Android 4.0.3
Google Android 5.1.0
Google Android 5.0.1
Google Android 4.3
Google Android 4.2.1
Google Android 4.0.1
Google Android 4.4.3
Google Android 4.4.2
Google Android 4.4.1
Google Android 4.4
Google Android 5.1
Google Android 5.0
Google Android 4.3.1
Google Android 4.2.2
Google Android 4.2
Google Android 4.0.2
Google Android 4.0
9.8
CVSSv3
CVE-2018-12882
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x up to and including 7.2.7 allows malicious users to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_...
Php Php
Canonical Ubuntu Linux 18.04
Netapp Storage Automation Store -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »