Python Imaging Library DoS

DoS on icns decoding...

What does a pointer look like, anyway?

Posted by Chris Evans, Renderer of Modern Art In Adobe’s August 2014 Flash Player security update, we see: These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545. I...

OpenJDK: XXE issue in decoder (Beans, 8023245)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the Janua...

Oracle Linux 7 : libtasn1 (ELSA-2014-0687)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0687 advisory. 3.3-5 - Added missing check for null pointer 1102338 3.3-4 - Fix multiple decoding issues 1102338 Tenable has extracted the preceding description block...

libtasn1 security update

3.3-5 - Added missing check for null pointer 1102338 3.3-4 - Fix multiple decoding issues 1102338...

[SECURITY] Fedora 20 Update: lz4-r119-1.fc20

LZ4 is an extremely fast loss-less compression algorithm, providing compres sion speed at 400 MB/s per core, scalable with multi-core CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems...

AdaptCMS 2.0.4 (config.php, question parameter) SQL Injection Vulnerability

No description provided by source. Exploit Title: AdaptCMS = 2.0.4 SQL Injection vulnerability Date: 26/10/2012 Exploit Author: Kallimero Vendor Homepage: http://www.adaptcms.com/ Software Link: http://www.insanevisions.com/page/3/Downloads/ Version: 2.0.4 Tested on: Debian Introduction...

PassWD 1.2 Weak Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1300/info PassWd 1.2 is a password management utility designed to store user login information to various URLs. The login information, which includes username, password and link location is stored in the pass.dat file whi...

Ghostscript 'CCITTFax' Decoding Filter - Denial of Service Vulnerability

No description provided by source. Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed...

phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)

No description provided by source. !/usr/bin/perl phpRPC =0.7 Remote Command Execution Exploit based on: http://www.gulftech.org/?node=research&articleid=00105-02262006 Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to...

MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (8)

No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...

OpenLDAP <= 2.3.41 BER Decoding Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30013/info OpenLDAP is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny service to legitimate users by crashing affected servers. OpenLDAP 2.3.41 is vulnerable to this issue;...

openSUSE Security Update : seamonkey (openSUSE-SU-2013:1644-1)

update to SeaMonkey 2.22 bnc847708 - rebased patches - requires NSS 3.15.2 or higher - MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards - MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing addressbar through SELECT element - MFSA 2013-95/CVE-2013-5604...

openSUSE Security Update : libxml2 (openSUSE-SU-2012:0107-1)

A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)

Changes in xulrunner : - update to 17.0 bnc790140 - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrectly appli...

openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)

VLC was updated to version 2.1.3 bnc864422 : + Core : - Fix broken behaviour with SOCKSv5 proxies - Fix integer overflow on error when using vlcreaddir + Access : - Fix DVB-T2 tuning on Linux. - Fix encrypted DVD playback. - Fix v4l2 frequency conversion. + Decoders : - Fix numerous issues M2TS,...

openSUSE Security Update : libxml2 (openSUSE-SU-2012:0107-1)

A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

OpenJDK: XXE issue in decoder (Beans, 8023245)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the Janua...

libtasn1 security update

CentOS Errata and Security Advisory CESA-2014:0596 Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

Oracle Linux 6 : libtasn1 (ELSA-2014-0596)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0596 advisory. 2.3-6 - added check for null pointer 1102336 2.3-5 - fix various DER decoding issues 1102336 2.3-4 - fix CVE-2012-1569 - missing length check when...