CVE-2008-4549

Imageshack Toolbar - Improper Input Validation

Title source: rule

Description

The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · htmlremotewindows

https://www.exploit-db.com/exploits/4981

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] http://osvdb.org/40628

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4981

[Vendor Advisory] http://secunia.com/advisories/28644

[Third Party Advisory] http://securityreason.com/securityalert/4410

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486941/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27439

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39921

Scores

EPSS 0.0815

EPSS Percentile 92.2%

Details

CWE

CWE-20

Status published

Products (2)

imageshack/imageshack_toolbar 4.5.7

imageshack/imageshack_toolbar 4.5.7.69

Published Oct 14, 2008

Tracked Since Feb 18, 2026