Lucene search

3164 matches found

Debian CVE
added 2019/04/24 4:49 p.m. · 25 views

CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

7.5 CVSS · 7.7 AI score · 0.01284 EPSS
Exploits: 0

CVE
added 2019/04/24 4:49 p.m. · 165 views

CVE-2019-10691

CVE-2019-10691 affects Dovecot, where the JSON encoder in versions prior to 2.3.5.2 can be triggered by an invalid UTF-8 sequence as the username, causing repeated crashes of the authentication service. Connected docs corroborate this with references to Dovecot versions and the vulnerability desc...

7.5 CVSS · 6.1 AI score · 0.01284 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Ubuntu
added 2019/04/23 11:45 a.m. · 104 views

USN-3951-1: Dovecot vulnerability

It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service...

7.5 CVSS · 8 AI score · 0.01284 EPSS
Exploits: 0

ossfuzz
added 2019/04/19 7:23 p.m. · 14 views

imagemagick/encoder_gif_fuzzer: Heap-buffer-overflow in ParseEntities

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5754243379625984 Project: imagemagick Fuzzer: libFuzzerimagemagickencodergiffuzzer Fuzz target binary: encodergiffuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

6.8 AI score
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2019/04/19 12:0 a.m. · 37 views

FreeBSD : dovecot -- json encoder crash (a64aa22f-61ec-11e9-85b9-a4badb296695)

Aki Tuomi reports : CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...

7.5 CVSS · 7.8 AI score · 0.01284 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2019/04/18 12:19 p.m. · 19 views

CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

7.5 CVSS · 5.6 AI score · 0.01284 EPSS
Exploits: 0 · References: 3

UbuntuCve
added 2019/04/18 9:0 a.m. · 22 views

CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

7.5 CVSS · 7.1 AI score · 0.01284 EPSS
Exploits: 0 · References: 3

0day.today
added 2019/04/15 12:0 a.m. · 65 views

Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)

INTRO Exploit Title: MMX-PUNPCKLBW Encoder Description: Payload encoder using MMX PUNPCKLBW instruction Date: 13/04/2019 Exploit Author: Petr Javorik Tested on: Linux ubuntu 3.13.0-32-generic x86 Shellcode length: 61 ENCODER !/usr/bin/env python stack execve SHELLCODE = bytearray...

0.3 AI score
Exploits: 0

0day.today
added 2019/04/09 12:0 a.m. · 17 views

Linux/x64 - XANAX Encoder Shellcode (127 bytes)

Linux/x64 - XANAX Encoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Encoder ; Author: Alan Vivona ; Description: Uses xor-add-not-add-xor sequence with a 4 byte key and writes the encoded version to stdout ; Tested on: x86-x64 GNU/Linux global start segment .data keys.xor1 equ 0x29 keys.add1...

0.1 AI score
Exploits: 0

FreeBSD
added 2019/04/09 12:0 a.m. · 70 views

dovecot -- json encoder crash

Aki Tuomi reports: CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...

7.5 CVSS · 0.2 AI score · 0.01284 EPSS
Exploits: 0 · References: 1

OPENSUSE Linux
added 2019/03/28 12:0 a.m. · 132 views

Security update for ffmpeg-4 (low)

openSUSE Security Update: Security update for ffmpeg-4 Announcement ID: openSUSE-SU-2019:1066-1 Rating: low References: 1092241 1100348 1105869 Cross-References: CVE-2018-13300 CVE-2018-15822 Affected Products: openSUSE Backports SLE-15 An update that solves two vulnerabilities and has one errata...

8.1 CVSS · 8.8 AI score · 0.01442 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2019/03/27 12:0 a.m. · 44 views

openSUSE Security Update : ffmpeg-4 (openSUSE-2019-691)

This update for ffmpeg-4 to version 4.0.2 fixes the following issues : These security issues were fixed : - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...

8.1 CVSS · 6.5 AI score · 0.01442 EPSS
Exploits: 0 · References: 5

ossfuzz
added 2019/03/26 2:18 a.m. · 18 views

lame/fuzzer-encoder: Heap-buffer-overflow in do_copy_buffer

Project: https://svn.code.sf.net/p/lame/svn/trunk/lame Detailed report: https://oss-fuzz.com/testcase?key=5717291922096128 Project: lame Fuzzer: libFuzzerlamefuzzer-encoder Fuzz target binary: fuzzer-encoder Job Type: libfuzzerasanlame Platform Id: linux Crash Type: Heap-buffer-overflow WRITE Cra...

6.8 AI score
Exploits: 0 · Affected Software: 1

Exploit DB
added 2019/03/15 12:0 a.m. · 198 views

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...

7.4 AI score
Exploits: 0

0day.today
added 2019/03/10 12:0 a.m. · 225 views

Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)

/ ''' ; Date: 07/03/2019 ; Insertion-Encoder.asm ; Author: Daniele Votta ; Description: This program encode shellcode with insertion technique 0xAA. ; Tested on: i686 GNU/Linux ''' !/usr/bin/python Python Insertion Encoder import random Execve /bin/sh 25 bytes shellcode...

7.4 AI score
Exploits: 0

CNVD
added 2019/02/25 12:0 a.m. · 1 views

Teracue ENC-400 Command Injection Vulnerability

The Teracue ENC-400 is a portable multi-flow encoder from Teracue Germany. A command injection vulnerability exists in the login form of the Teracue ENC-400, which can be exploited to execute code when the program passes user input to a shell command without performing any escaping or validation...

10 CVSS · 8 AI score · 0.30681 EPSS
Exploits: 5 · References: 1

Positive Technologies
added 2019/02/21 12:0 a.m. · 1 views

PT-2021-4535 · FFmpeg +5 · Ffmpeg +5

Name of the Vulnerable Software and Affected Versions: FFmpeg version 4.1 Description: The issue is related to a buffer overflow in the apng do inverse blend component of the Ffmpeg library, which could allow a remote attacker to cause a Denial of Service. Recommendations: For FFmpeg version 4.1,...

10 CVSS · 6.3 AI score · 0.22 EPSS
Exploits: 45 · References: 317

NVD
added 2019/02/13 4:29 p.m. · 7 views

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

8 CVSS · 7.7 AI score · 0.00241 EPSS
Exploits: 0 · References: 1

OSV
added 2019/02/13 4:29 p.m. · 1 views

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

8 CVSS · 5.8 AI score · 0.00241 EPSS
Exploits: 0 · References: 1

Cvelist
added 2019/02/13 4:0 p.m. · 12 views

CVE-2018-15781 DSA-2019-022: Dell Wyse Password Encoder Hard-coded Cryptographic Key Vulnerability

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

7.9 CVSS · 7.8 AI score · 0.00241 EPSS
Exploits: 0 · References: 1