4649 matches found
libgdDoS.txt
Introduction --------------- from http://www.boutell.com/gd/ GD is an open source code library for the dynamic creation of images by programmers. GD is written in C, and "wrappers" are available for Perl, PHP and other languages. GD creates PNG, JPEG and GIF images, among other formats. GD is commonly used to generate...
CVE-2006-2906
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop...
Code injection
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop...
CVE-2006-2906
CVE-2006-2906 affects the GD graphics library (libgd2) via the LZW decoding path in gdImageCreateFromGifPtr, causing an infinite loop and CPU denial of service when processing malformed GIFs. Affected packages include libgd2 used by PHP-gd and standalone libgd2 implementations; multiple advisorie...
libgd graphical library DoS
gdImageCreateFromGifPtr GIF decoding infinite loop...
libgd 2.0.33 infinite loop in GIF decoding ?
Introduction --------------- from http://www.boutell.com/gd/ GD is an open source code library for the dynamic creation of images by programmers. GD is written in C, and "wrappers" are available for Perl, PHP and other languages. GD creates PNG, JPEG and GIF images, among other formats. GD is...
Novell client for Windows buffer overflow
Buffer overflow in DPRPC library on XDR stream decoding...
security flaw
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to a...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...
GnuPG unsigned data injection
While decoding non-detached with signature within text messages, unsigned data behind signature is invalidly decoded as a part of the messages...
[SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 986-1 [email protected] http://www.debian.org/security/ Martin Schulze March 6th, 2006 http://www.debian.org/security/faq -...
libtasn1 tiny ASN.1 library / GnuTLS TLS implementation multiple security issues
Out-of-bounds access and buffer overflows in DER decoding...
GLSA-200603-03 : MPlayer: Multiple integer overflows
The remote host is affected by the vulnerability described in GLSA-200603-03 (MPlayer: Multiple integer overflows). MPlayer makes use of the FFmpeg library, which is vulnerable to a heap overflow in the avcodec_default_get_buffer function discovered by Simon Kilvington (see GLSA 200601-06). Furthermore,...
DSA-986-1 gnutls11 - buffer overflows
Bulletin has no description...
DSA-985-1 libtasn1-2 - buffer overflows
Bulletin has no description...
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)
!/usr/bin/perl phpRPC All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ $Id: cijfer-prpcxpl.pl,v 0.1 2006/03/01 05:46:00 cijfer Exp $ use LWP::UserAgent; use URI::Escape; use Getopt::Long; use Term::ANSIColor; $res =...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)
No description provided by source. !/usr/bin/perl phpRPC =0.7 Remote Command Execution Exploit based on: http://www.gulftech.org/?node=research&articleid=00105-02262006 Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)
Exploit for unknown platform in category web applications ================================================================= phpRPC Library $host, "proxy=s" = $proxy, "verbose+" = $verbose; &usage unless $host; while print color"green", "cijfer$ ", color"reset"; chomp$command = ; exit unless...