3661 matches found
CVE-2017-6420
The CVE-2017-6420 issue affects ClamAV up to version 0.99.2, where the wwunpack function in libclamav/wwunpack.c is vulnerable to a remote use-after-free via a crafted PE file with WWPack compression, potentially causing a denial of service. Upstream fixed this in version 0.99.3 (and distribution...
CVE-2017-6420
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service use-after-free via a crafted PE file with WWPack compression...
CVE-2017-6420
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service use-after-free via a crafted PE file with WWPack compression...
UBUNTU-CVE-2017-6420
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service use-after-free via a crafted PE file with WWPack compression...
CyberChef - The Cyber Swiss Army Knife [A Web App For Encryption, Encoding, Compression And Data Analysis]
The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression an...
openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
ALZip 8.51 Buffer Overflow
Suggested description Buffer overflow in ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted DosDevice file. ------------------------------------------ Additional Information To reproduce this issue, create a file named "AUX.3.2.1.e.pwned" using normal user CMD...
Legal Robot: SSL BREACH attack (CVE-2013-3587)
Hello security team, The site legalrobot.com is potentially vulnerable to the BREACH attack. Allowing an attacker the ability to: - Inject partial chosen plaintext into a victim's requests - Measure the size of encrypted traffic - can leverage information leaked by compression to recover targeted...
Large gzip Denial of Service
Overview Affected versions of superagent do not check the post-decompression size of ZIP compressed HTTP responses prior to decompressing. This results in the package being vulnerable to a ZIP bomb attack, where an extremely small ZIP file becomes many orders of magnitude larger when decompressed...
shoco API 'shoco_decompress' function denial of service vulnerability
shoco is a C language library for string compression, of which the API is a programming interface. A security vulnerability exists in the 'shocodecompress' function of the API in shoco 2017-07-17 and earlier versions. A remote attacker can exploit this vulnerability with malformed compressed data...
Huawei Mate 9 Push module directory traversal vulnerability
Huawei Mate 9 is a smartphone from Chinese company Huawei.Push module is one of the message push modules. A directory traversal vulnerability exists in the Push module in Huawei Mate 9 version MHA-AL00AC00B125 due to the program not checking the file name when compressing the file. An attacker...
Dr0p1t Framework 1.3 - A Framework That Creates An Advanced FUD Dropper With Some Tricks
Have you ever heard about trojan droppers ? In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks! Features Generated executable properties: The executable size is smaller compar...
LibTIFF - tif_dirwrite.c Denial of Service
LibTIFF - tifdirwrite.c Denial of Service Source: http://bugzilla.maptools.org/showbug.cgi?id=2712 Triggered by "./tiffset POC1" $ ./tiffset POC1 TIFFReadDirectory: Warning, Unknown field with tag 302 0x12e encountered. TIFFReadDirectory: Warning, Unknown field with tag 61961 0xf209 encountered...
LibTIFF - 'tif_dirwrite.c' Denial of Service
Source: http://bugzilla.maptools.org/showbug.cgi?id=2712 Triggered by "./tiffset POC1" $ ./tiffset POC1 TIFFReadDirectory: Warning, Unknown field with tag 302 0x12e encountered. TIFFReadDirectory: Warning, Unknown field with tag 61961 0xf209 encountered. poc3: AdobeDeflate compression support is...
RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack...
[SECURITY] Fedora 26 Update: openvpn-2.4.3-1.fc26
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
[SECURITY] Fedora 25 Update: openvpn-2.4.3-1.fc25
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
jbig2dec: Multiple vulnerabilities
Background jbig2dec is a decoder implementation of the JBIG2 image compression format. Description Multiple vulnerabilities have been discovered in jbig2dec. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated system to process...
Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service
Freeware Advanced Audio Coder FAAC 1.28 - Denial of Service Freeware Advanced Audio Coder FAAC multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= FAAC is an encoder for a lossy sound compression scheme specified in MPEG-2 Part 7 and MPEG-4 Part ...
Freeware Advanced Audio Coder (FAAC) 1.28 Denial Of Service
Freeware Advanced Audio Coder FAAC multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= FAAC is an encoder for a lossy sound compression scheme specified in MPEG-2 Part 7 and MPEG-4 Part 3 standards and known as Advanced Audio Coding AAC. This...