WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)
Binary data 9387.prm...
HPE Insight Control server deployment file manipulation vulnerability
HPE Insight Control server deployment is a set of server management configuration tools from Hewlett Packard Enterprise (HPE). A file manipulation (add, delete, and modify) vulnerability exists in HPE Insight Control server deployment, which allows remote attackers to modify data via unspecified...
Debian DLA-484-1 : graphicsmagick security update (ImageTragick)
Several security vulnerabilities were discovered in graphicsmagick, a tool to manipulate image files. GraphicsMagick is a fork of ImageMagick and also affected by vulnerabilities collectively known as ImageTragick, that are the consequence of lack of sanitization of untrusted input. An attacker wi...
[SECURITY] [DLA 486-1] imagemagick security update
Package : imagemagick Version : 8:6.7.7.10-5+deb7u5 CVE ID : CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Debian Bug : 823542 Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image...
[SECURITY] [DLA 484-1] graphicsmagick security update
Version : 1.3.16-1.1+deb7u1 CVE ID : CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Debian Bug : 814732 Several security vulnerabilities were discovered in graphicsmagick, a tool to manipulate image files. GraphicsMagick is a fork of...
DLA-484-1 graphicsmagick - security update
Bulletin has no description...
MGASA-2016-0188 Updated imagemagick/ruby-rmagic packages fix security vulnerability
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...
Drupal 7.x < 7.43, 8.x < 8.0.4 Multiple Vulnerabilities (SA-CORE-2016-001) - Linux
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
[SECURITY] [DSA 3580-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3580-1 [email protected] https://www.debian.org/security/ Luciano Bello May 16, 2016 https://www.debian.org/security/faq -...
CVE-2015-3411
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) t...
DSA-3580-1 imagemagick - security update
Bulletin has no description...
Debian Security Advisory DSA 3580-1 (imagemagick - security update)
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with contro...
Firefox browser vulnerability that allows an attacker to delete arbitrary files
A vulnerability in the Mozilla Maintenance Service updater for the Firefox browser stems from deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files by manipulating local files...
[slackware-security] imagemagick
New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/imagemagick-6.8.610-i486-2slack14.1.txz: Rebuilt. This update addresses several security issues in ImageMagick, including:...
CentOS 6 / 7 : ImageMagick (CESA-2016:0726) (ImageTragick)
An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: ImageMagick security update
An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1260-1) (ImageTragick)
This update for ImageMagick fixes the following issues : Security issues fixed : - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-/policy.xml' bsc978061 - CVE-2016-3714: Insufficien...
CVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image...
ImageMagick -- multiple vulnerabilities
Openwall reports: Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats. Any service which uses ImageMagick to process user supplied images and uses default delegates.xml / policy.xml, may be vulnerable to this issu...