CVE-2013-1439

CVE-2013-1439 affects LibRaw’s faster LJPEG decoder in LibRaw 0.13.x, 0.14.x, and 0.15.x prior to 0.15.4, enabling a context-dependent attacker to cause a NULL pointer dereference and denial of service via a crafted photo file. Affected components: LibRaw’s LJPEG decoding path. Impact: denial of ...

CVE-2013-1439

The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service NULL pointer dereference via a crafted photo file...

UBUNTU-CVE-2013-1439

The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service NULL pointer dereference via a crafted photo file...

libotr: Arbitrary code execution

Background libotr is a portable off-the-record messaging library. Description Multiple heap-based buffer overflows are present in the Base64 decoder of libotr. Impact A remote attacker could send a specially crafted OTR message, resulting in arbitrary code execution with the privileges of the...

Fedora 19 : LibRaw-0.14.8-3.fc19.20120830git98d925 (2013-15562)

Raphael Geissert reported two denial of service flaws in LibRaw 1 : CVE-2013-1438 : Specially crafted photo files may trigger a division by zero, an infinite loop, or a NULL pointer dereference in libraw leading to denial of service in applications using the library. These vulnerabilities appear ...

Amazon Linux AMI : nss (ALAS-2012-108)

A flaw was found in the way the ASN.1 Abstract Syntax Notation One decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially crafted...

[Router Password Decryptor] Tool to Recover Login/PPPoE/WEP/WPA/WPA2 Passwords from Router/Modem Config file

Router Password Decryptor is the FREE tool to instantly recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file. Currently it supports password recovery from following type of Routers/Modems: --- Cisco Juniper DLink...

Oracle Linux 4 : tetex (ELSA-2010-0399)

From Red Hat Security Advisory 2010:0399 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

Oracle Linux 5 : gstreamer-plugins-good (ELSA-2009-1123)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1123 advisory. 0.10.9-1.el5.2 - CVE-2009-1932: Integer overflow in PNG decoder. Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 5 : krb5 (ELSA-2009-0408)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0408 advisory. - update to revised patch for CVE-2009-0844/CVE-2009-0845 - add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism 490635,...

USN-1884-1: LibRaw vulnerability

It was discovered that LibRaw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against LibRaw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2013-0509

Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors SSM and Application Service Monitors ASM 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder...

Buffer overflow

Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors SSM and Application Service Monitors ASM 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder...

Add/Sub Encoder

Encodes payload with add or sub instructions. This idea came from offensive-security muts' hp nnm 7.5.1 exploit. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Add/Sub Encoder', 'Description' ...

[Converter v0.7] Analyzing and Deobfuscating Malicious Scripts

Malicious Java applets have been making news for awhile so I thought I would update Converter to include some new features to help with deobfuscating them. This is a list of changes made to this version: + Replaced Binary-to/from-Text with Binary-to/from-Hex to make it more useful + Added Filter...

CVE-2012-4458

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service memory consumption and server crash via a large number of zero width elements in the client-properties map in a connection.start-ok message...

CVE-2012-4458

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service memory consumption and server crash via a large number of zero width elements in the client-properties map in a connection.start-ok message...

UBUNTU-CVE-2012-4458

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service memory consumption and server crash via a large number of zero width elements in the client-properties map in a connection.start-ok message...

CVE-2012-4458

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service memory consumption and server crash via a large number of zero width elements in the client-properties map in a connection.start-ok message...

Ubuntu 6.06 LTS : firefox vulnerabilities (USN-645-2)

USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS. This provides the corresponding update for Ubuntu 6.06 LTS. Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted...