imagemagick/encoder_bmp_fuzzer: Use-of-uninitialized-value in cmsMLUgetASCII

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5742789528125440 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderbmpfuzzer Fuzz target binary: encoderbmpfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

Schneider Electric Pelco Endura NET55XX Encoder

This module exploits inadequate access controls within the webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions. This module requires Metasploit:...

WordPress Simple Mail Address Encoder plugin <= 1.6.1 - Reflected Authenticated Cross-Site Scripting (XSS) vulnerability

Reflected Authenticated Cross-Site Scripting XSS vulnerability found in WordPress Simple Mail Address Encoder plugin versions = 1.6.1. Solution Update the WordPress Simple Mail Address Encoder plugin to the latest available version at least 1.7...

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice PoC https:///wp-admin/options-general.php?page=smae=remind=Iyc7YWxlcnQoL1hTUy8pOy8v...

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice https:///wp-admin/options-general.php?page=smae&smaeaction=remind&fwurl=Iyc7YWxlcnQoL1hTUy8pOy8v...

Hostname-based Context Keyed Payload Encoder

Context-Keyed Payload Encoder based on hostname and x64 XOR encoder. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hostname-based Context Keyed Payload Encoder', 'Description' = 'Context-Keye...

Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode

!/usr/bin/env python3 INTRODUCTION Encoder Title: ASCII shellcode encoder via AND, SUB, PUSH, POPAD Date: 26.6.2019 Encoder Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Special thx to: Corelanc0d3r for intro to this technique Description: This encoder is...

EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2019-1644)

According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be...

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)

Title: Linux/x86 - Reposition + INC encoder with execve/bin/sh Shellcode 66 bytes Author: Jonathan So Purpose: decode and spawn a /bin/sh shell Tested On: Linux kali 4.19.0-kali4-686 1 SMP Debian 4.19.28-2kali1 2019-03-18 i686 GNU/Linux Arch: x86 Size: 66 bytes Write-up Link:...

imagemagick/encoder_heic_fuzzer: Bad-cast to std::__1::__shared_weak_count from invalid vptr in std::__1::shared_ptr<heif::HeifPixelImage>::~shared_ptr

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5669433122488320 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderheicfuzzer Fuzz target binary: encoderheicfuzzer Job Type: libfuzzerubsanimagemagick Platform Id: linux Crash Type:...

CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

Authentication flaw

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVE-2019-6814

CVE-2019-6814 affects Schneider Electric Pelco Endura NET55XX Encoder families with firmware versions prior to 2.1.9.7, due to CWE-287 Improper Authentication. A remote attacker could craft a malicious request to the encoder webUI, leading to an authentication bypass impacting confidentiality, in...

CVE-2019-7844

Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

CVE-2019-7844

Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

Design/Logic Flaw

Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. Successful exploitation could lead to remote code execution...

CVE-2019-7842

Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. Successful exploitation could lead to remote code execution...

CVE-2019-7842

Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. Successful exploitation could lead to remote code execution...