2680 matches found

OpenVAS
added 2020/01/23 12:0 a.m. | 18 views

Huawei EulerOS: Security Advisory for netpbm (EulerOS-SA-2019-2426)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.5 | AI score 5.9 | EPSS 0.01926
Exploits: 2 | References: 2

Kitploit
added 2020/01/15 8:39 p.m. | 2092 views

Shell Backdoor List - PHP / ASP Shell Backdoor List

What is a shell backdoor? A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own. How to...

AI score 7.7
Exploits: 0 | References: 18

OSV
added 2020/01/08 5:42 p.m. | 2 views

USN-4232-1 graphicsmagick vulnerabilities

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...

CVSS 8.8 | AI score 6.7 | EPSS 0.19193
Exploits: 9 | References: 12

PyPA
added 2020/01/03 1:15 a.m. | 5 views

PYSEC-2020-81

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 8.8 | AI score 6.9 | EPSS 0.01975
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2020/01/03 1:15 a.m. | 2 views

PYSEC-2020-81

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 8.8 | AI score 6.8 | EPSS 0.01975
Exploits: 0 | References: 6

OSV
added 2019/12/31 4:51 p.m. | 10 views

MGASA-2019-0415 Updated exiv2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset (CVE-2019-13108). An integer overflow in Exiv2...

CVSS 6.5 | AI score 6.2 | EPSS 0.02127
Exploits: 6 | References: 4

Tenable Nessus
added 2019/12/23 12:0 a.m. | 64 views

EulerOS 2.0 SP5 : exiv2 (EulerOS-SA-2019-2710)

According to the versions of the exiv2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a...

CVSS 6.5 | AI score 6.4 | EPSS 0.0273
Exploits: 7 | References: 11

Tenable Nessus
added 2019/12/18 12:0 a.m. | 26 views

EulerOS 2.0 SP3 : netpbm (EulerOS-SA-2019-2635)

According to the versions of the netpbm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to...

CVSS 5.5 | AI score 5.9 | EPSS 0.01926
Exploits: 2 | References: 5

OSV
added 2019/12/03 10:15 p.m. | 1 views

CVE-2019-5083

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to t...

CVSS 8.8 | AI score 6.1 | EPSS 0.03612
Exploits: 1 | References: 1

OSV
added 2019/12/03 1:44 p.m. | 1 views

USN-4207-1 graphicsmagick vulnerabilities

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...

CVSS 9.8 | AI score 6.7 | EPSS 0.0377
Exploits: 9 | References: 14

OSV
added 2019/12/02 7:46 p.m. | 6 views

USN-4206-1 graphicsmagick vulnerabilities

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042,...

CVSS 9.8 | AI score 6.7 | EPSS 0.2831
Exploits: 1 | References: 11

CNVD
added 2019/12/02 12:0 a.m. | 3 views

Free Photo Viewer Code Issue Vulnerability

Free Photo Viewer is a lightweight photo viewer. A code issue vulnerability exists in Free Photo Viewer. The vulnerability can be exploited to execute arbitrary code via specially crafted BMP and/or TIFF files...

CVSS 7.8 | AI score 7.8 | EPSS 0.01734
Exploits: 1 | References: 1

Mageia
added 2019/11/30 1:6 p.m. | 47 views

Updated djvulibre packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial of service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file...

CVSS 7.5 | AI score 3.8 | EPSS 0.03667
Exploits: 5 | References: 2

BDU FSTEC
added 2019/11/25 12:0 a.m. | 2 views

Vulnerability in the QuantumTransferMode function (coders/tiff.c) of a cross-platform library for working with graphics allows an attacker to cause a denial of service.

The vulnerability in the QuantumTransferMode function (coders/tiff.c) of GraphicsMagick, a cross-platform library for working with graphics, is a buffer overflow. Exploiting this vulnerability could allow an attacker to cause a denial of service using a specially crafted...

CVSS 5.5 | AI score 7.2 | EPSS 0.01932
Exploits: 0 | References: 7 | Affected Software: 2

BDU FSTEC
added 2019/11/25 12:0 a.m. | 3 views

The vulnerability in Blender, software for creating 3D computer graphics, arises from an integer overflow, allowing an attacker to execute arbitrary code.

The vulnerability in Blender, software for creating 3D computer graphics, arises from a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted TIFF file...

CVSS 7.8 | AI score 7.8 | EPSS 0.01824
Exploits: 1 | References: 7 | Affected Software: 2

0day.today
added 2019/11/20 12:0 a.m. | 244 views

Bludit - Directory Traversal Image File Upload Exploit

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module: "Bludit Directory Traversal Image File Upload Vulnerability". Description: This module exploits a vulnerability in Bludit. A remote user cou...

CVSS 8.8 | AI score 8.7 | EPSS 0.77962
Exploits: 16

CNVD
added 2019/11/18 12:0 a.m. | 3 views

jhead buffer over-read vulnerability

jhead is a command line driven utility for extracting digital camera settings from the Exif format files used by many digital cameras. A buffer over-read vulnerability exists in ReadJpegSections and processSOFn in jpgfile.c in jhead 3.03, which can be exploited by an attacker to cause a denial of...

CVSS 5.5 | AI score 7.6 | EPSS 0.01042
Exploits: 1 | References: 1

OSV
added 2019/11/06 8:15 p.m. | 1 views

CVE-2019-5084

An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF ima...

CVSS 7.8 | AI score 7.2 | EPSS 0.01996
Exploits: 1 | References: 1

NVD
added 2019/11/06 8:15 p.m. | 28 views

CVE-2019-5125

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out-of-bounds write of a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this...

CVSS 8.8 | AI score 8.3 | EPSS 0.01994
Exploits: 1 | References: 1

Prion
added 2019/11/06 8:15 p.m. | 11 views

Integer overflow

An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...

CVSS 6.8 | AI score 7.7 | EPSS 0.02038
Exploits: 1 | References: 1 | Affected Software: 1