FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics

Automatic Analysis Of SWF Files Based On Some Heuristics. Extensible Via Plugins. Install Install the Python 2.7 packages listed in requirements.txt. You can use the following command: pip install -r requirements.txt If you want to use the decompilation functionality you need to install Jython...

[SECURITY] Fedora 30 Update: zchunk-1.1.1-3.fc30

zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...

libTIFF: Denial of service

Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Please review the CVE identifier referenced below for details. Impact Please review the...

Microsoft Windows Contact File Format Arbitary Code Execution Exploit

This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact...

GNU LibreDWG Null Pointer Backreference Vulnerability

GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer back-reference vulnerability exists in the '.spec' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...

GNU LibreDWG null pointer back-reference vulnerability (CNVD-2019-12558)

GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer back-reference vulnerability exists in the 'dwgdxfLTYPE' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...

RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes

SAN FRANCISCO – A previously unknown bug in Microsoft Office has been spotted being actively exploited in the wild; it can be used to bypass security solutions and sandboxes, according to findings released at the RSA Conference 2019. The bug exists in the OLE file format and the way it’s handled ...

Debian DLA-1679-1 : php5 security update

Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include GD graphics, multi-byte string handling, phar file format handling, and xmlrpc. CVEs have not yet been assigned. Once the CVE assignments are announced, t...

[SECURITY] Fedora 29 Update: podofo-0.9.6-5.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

CVE-2019-0259

SAP BusinessObjects, versions 4.2 and 4.3, Visual Difference allows an attacker to upload any file including script files without proper file format validation...

Out-of-bounds

An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigge...

CVE-2018-3976

CVE-2018-3976 affects ACD Systems Canvas Draw 5.0.0.28, in the CALS Raster file format parsing. The TALOS advisory describes an exploitable out-of-bounds write triggered by crafted CAL images, allowing an attacker to overwrite data and potentially gain code execution. The issue arises from incorr...

CVE-2018-3976

An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigge...

Anyburn 4.3 - Convert image to file format Denial of Service Exploit

!/usr/bin/python Exploit Title: AnyBurn x86 - Denial of Service DoS Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.anyburn.com/ Version: 4.3 32-bit Software Link : http://www.anyburn.com/anyburnsetup.exe Contact: [email protected] Twitter: @telspacesystems Gree...

Anyburn 4.3 - 'Convert image to file format' Denial of Service

!/usr/bin/python Exploit Title: AnyBurn x86 - Denial of Service DoS Date: 30-01-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.anyburn.com/ Version: 4.3 32-bit Software Link : http://www.anyburn.com/anyburnsetup.exe Contact: [email protected] Twitter:...

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

ALPINE-CVE-2019-6128

The TIFFFdOpen function in tifunix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb...

W3Brute - Automatic Web Application Brute Force Attack Tool

w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features 1. Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process...

GNU Binutils Binary File Descriptor library Heap Buffer Overflow Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

HTML5 Video Player 1.2.5 Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HTML5 Video Player 1.2.5 - Buffer Overflow SEH', 'Description' = %q This module exploits a stack based buffer overflow in HTML5 Vide...