exif vulnerabilities and exploits
6.5
CVSSv2
CVE-2016-10751
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.
Osclass Osclass 3.6.1
5
CVSSv2
CVE-2005-3353
The exif_read_data function in the Exif module in PHP prior to 4.4.1 allows remote malicious users to cause a denial of service (infinite loop) via a malformed JPEG image.
Php Php 4.0.0
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.10
Php Php 4.3.11
Php Php 4.3.8
Php Php 4.3.9
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.0
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.3.0
Php Php 4.3.1
Php Php 4.3.6
Php Php 4.3.7
Php Php 4.0.3
9.3
CVSSv2
CVE-2008-2548
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote malicious users to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.
Motorola Razr
3.5
CVSSv2
CVE-2020-26220
touchbase.ai before version 2.0 leaks information by not stripping EXIF data from images. Anyone with access to the uploaded images of other users could obtain their geolocation, device, and software version data, etc. (if present). The issue is fixed in version 2.0.
Touchbase.ai Project Touchbase.ai
6.9
CVSSv2
CVE-2010-4167
Untrusted search path vulnerability in configure.c in ImageMagick prior to 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
Imagemagick Imagemagick 6.6.4-10
Imagemagick Imagemagick 6.6.4-9
Imagemagick Imagemagick 6.6.4-1
Imagemagick Imagemagick 6.6.4
Imagemagick Imagemagick 6.6.3-2
Imagemagick Imagemagick 6.6.3-1
Imagemagick Imagemagick 6.6.3
Imagemagick Imagemagick 6.6.2-4
Imagemagick Imagemagick 6.6.2-3
Imagemagick Imagemagick 6.6.1-7
Imagemagick Imagemagick 6.6.1-6
Imagemagick Imagemagick 6.6.0-9
Imagemagick Imagemagick 6.6.0-8
Imagemagick Imagemagick 6.6.0
Imagemagick Imagemagick 6.5.9-10
Imagemagick Imagemagick 6.5.9-2
Imagemagick Imagemagick 6.5.9-1
Imagemagick Imagemagick 6.5.8-3
Imagemagick Imagemagick 6.5.8-2
Imagemagick Imagemagick 6.5.7-5
Imagemagick Imagemagick 6.5.7-4
Imagemagick Imagemagick 6.5.6-8
6.4
CVSSv2
CVE-2017-7544
libexif up to and including 0.6.21 is vulnerable to an out-of-bounds heap read in the exif_data_save_data_entry function in libexif/exif-data.c, caused by improper length computation of the allocated data of an ExifMnote entry, which can cause denial-of-service or possibly i...
Libexif Project Libexif
5
CVSSv2
CVE-2005-3389
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote malicious users to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set...
Php Php 4.0.1
Php Php 4.0.7
Php Php 4.2.1
Php Php 4.2.2
Php Php 4.3.3
Php Php 4.3.4
Php Php 5.0.0
Php Php 5.0.1
Php Php 5.0.2
Php Php 5.0.3
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.1.0
Php Php 4.1.1
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.7
Php Php 4.3.8
Php Php 4.0.2
Php Php 4.2.3
Php Php 4.2
Php Php 4.3.0
4.3
CVSSv2
CVE-2007-6351
libexif 0.6.16 and previous versions allow context-dependent malicious users to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.
Libexif Project Libexif 0.6.14
Libexif Project Libexif 0.6.15
Libexif Project Libexif
5
CVSSv2
CVE-2020-0181
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Google Android 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Libexif Project Libexif
4.3
CVSSv2
CVE-2012-0248
ImageMagick 6.7.5-7 and previous versions allow remote malicious users to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD.
Imagemagick Imagemagick
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Redhat Storage 2.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Eus 6.2
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Server Eus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Workstation 6.0