CVE-2020-24423

Adobe Media Encoder on Windows (versions 14.4 and earlier) is affected by an uncontrolled search path vulnerability that can allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Connected advisories indicate...

Adobe Media Encoder Uncontrolled Search Path Vulnerability

Adobe Media Encoder is a video and audio encoding application. An uncontrolled search path vulnerability exists in Adobe Media Encoder 14.4 and earlier versions. An attacker can exploit this vulnerability to achieve arbitrary code execution...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...

Adobe Media Encoder RCE Vulnerability (APSB20-64) - Windows

Adobe Media Encoder is prone to RCE vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-24423

Adobe Media Encoder version 14.4 and earlier for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Rite CMS 2.2.1 Remote Code Execution

Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Date: 2020-07-03 Exploit Author: H0j3n Vendor Homepage: http://ritecms.com/ Software Link: http://sourceforge.net/projects/ritecms/files/ritecms2.2.1.zip/download Version: 2.2.1 Tested on: Linux Reference:...

RiteCMS 2.2.1 - Remote Code Execution (Authenticated)

Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Date: 2020-07-03 Exploit Author: H0j3n Vendor Homepage: http://ritecms.com/ Software Link: http://sourceforge.net/projects/ritecms/files/ritecms2.2.1.zip/download Version: 2.2.1 Tested on: Linux Reference:...

APSB20-65 Security update available for Adobe Media Encoder

Adobe has released an update for Adobe Media Encoder. This update resolves a critical vulnerability that could lead to arbitrary code execution in the context of the current user...

HiSilicon Video Encoder Malicious Firmware Code Execution

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...

HiSilicon Video Encoder Command Injection

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated command injection Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech, J-Tech...

HiSilicon Video Encoder Buffer Overflow / Denial Of Service

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...

HiSilicon Encoder Default Credentials (Telnet)

HiSilicon Encoder devices are using default credentials over Telnet. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2020-24219

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with t...

openSUSE Security Update : brotli (openSUSE-2020-1578)

This update for brotli fixes the following issues : brotli was updated to 1.0.9 : - CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB boo1175825 - brotli -v now reports raw / compressed size - decoder: minor speed / memory usage improvements - encoder: fix rare access to...

Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer

In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...

imagemagick:encoder_inline_fuzzer: Heap-buffer-overflow in Fax3Decode2D

Project: https://github.com/imagemagick/imagemagick.git Detailed Report: https://oss-fuzz.com/testcase?key=5127059796656128 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encoderinlinefuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type: Heap-buffer-overflow READ 4...

HiSilicon Encoder Directory Traversal Vulnerability - Active Check

HiSilicon Encoders are prone to a directory traversal vulnerability in /sys/devices/media/13070000.jpgd. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Adobe Media Encoder < 14.4.0 Multiple Information Disclosure (APSB20-57)

The version of Adobe Media Encoder installed on the remote Windows host is prior to 14.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-57 advisory. - Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could ...

CVE-2020-9745

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

CVE-2020-9744

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...