CVE-2017-18189

A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files...

CVE-2018-1000047

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library...

UBUNTU-CVE-2017-17935

The Filereadline function in epan/wslua/wsluafile.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service buffer underflow and application crash via a crafted packet that triggers the attempted processing of an empty line...

Ulterius Server < 1.9.5.0 - Directory Traversal Exploit

Exploit for windows platform in category remote exploits Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link:...

Ulterius Server &lt; 1.9.5.0 - Directory Traversal

Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b4c5f8364a03685d393d Version: 1.9.5.0 Tested on: Windows...

Design/Logic Flaw

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."...

CVE-2017-14298

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8."...

Code Execution Vulnerability in CAJ Cloud Reading

CAJ Cloud Reader is a CAJ reader that supports internet reading. CAJ Cloud Reader suffers from a code execution vulnerability when processing caj files, due to the program failing to properly parse the file format. An attacker can exploit this vulnerability to execute arbitrary code...

Heap-based Buffer Over-read

ImageMagick is vulnerable to heap-base buffer over-reads. The flaw in the TIFFWriteScanline function in tifwrite.c can be triggered through a file being processed in convert...

Heap-based Buffer Over-read

ImageMagick is vulnerable to heap-base buffer over-reads. The flaw in the WriteUILImage function can be triggered through a file being processed in convert...

CVE-2017-11536

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image function in coders/jp2.c...

CVE-2017-11096

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swfDeleteFilter function in lib/modules/swffilter.c...

CVE-2017-11098

Removed by vendor...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14506)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

CVE-2017-8370

IrfanView version 4.44 32bit with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service Heap Corruption and application crash in processing a FlashPix .FPX file, a different vulnerability than CVE-2017-7721...

BSA-2017-317

Security Advisory ID : BSA-2017-317 Component : Apache Tomcat Revision : 2.0: Interim In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was...

Remote code execution

A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution...

CVE-2017-8386: using the less command to bypass the git-shell limit-vulnerability warning-the black bar safety net

git-shell git remote session on the introduction of a ssh tunnel, is a restricted shell. Its the basic idea behind is, in the ssh session limit to be able to execute the command, so that it can only execute git needs the appropriate command. git needs to execute the command as follows:...

Design/Logic Flaw

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...