Lucene search

2680 matches found

Zero Day Initiative
added 2009/10/13 12:0 a.m., 51 views

Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing...

9.3 CVSS | 6.1 AI score | 0.22205 EPSS
Exploits: 1 | References: 1

Check Point Advisories
added 2009/10/04 12:0 a.m., 3 views

Apple QuickTime PICT Multiple Records Handling Buffer Overflow (CVE-2008-1019)

Apple's QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video formats. There exists a heap buffer overflow vulnerability in Apple QuickTime application. The vulnerability is due to...

6.8 CVSS | 7.6 AI score | 0.06947 EPSS
Exploits: 1

Check Point Advisories
added 2009/10/04 12:0 a.m., 2 views

Apple QuickTime Image Descriptor Atom Parsing Memory Corruption (CVE-2008-0033)

Apple QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous video formats. QuickTime is capable of processing Apple QuickTime Image File format, which is a proprietary format created by Apple...

9.3 CVSS | 7.3 AI score | 0.05419 EPSS
Exploits: 0

myhack58
added 2009/09/26 12:0 a.m., 13 views

Hacking knowledge: how to hide PHP file Backdoor tricks-vulnerability warning-the black bar safety net

Recently many friends are asking if I can put my word Trojan is hidden to the HTML or pictures, in fact the word Trojan is inserted into the PHP file will already be concealed, and if said literally to be placed into the HTML file or picture, then read this article test report. You want to know i...

7.3 AI score
Exploits: 0

myhack58
added 2009/09/13 12:0 a.m., 17 views

KesionCMS(section news)upload vulnerability-vulnerability warning-the black bar safety net

Prius special A bit tasteless,with a few days before the publication of the iis6 filename parsing vulnerability achieve to obtain webshell. First find the use of tech-ex systems site,registered members,and then input KSeditor/selectupfiles. asp, Open after upload x. asp;x. jpg format image file,i...

1.5 AI score
Exploits: 0

OpenVAS
added 2009/08/17 12:0 a.m., 30 views

Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)

The remote host is missing an update to java-1.6.0-openjdk announced via advisory MDVSA-2009:162. OpenVAS Vulnerability Test $Id: mdksa2009162.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:162 java-1.6.0-openjdk Authors: Thomas Reinke Copyright:...

10 CVSS | 1.9 AI score | 0.12692 EPSS
Exploits: 5

Fedora
added 2009/08/12 8:53 p.m., 25 views

[SECURITY] Fedora 11 Update: ocaml-camlimages-3.0.1-7.fc11.2

CamlImages is an image processing library for Objective CAML, which provides: basic functions for image processing and loading/saving, various image file formats hence providing a translation facility from format to format, and an interface with the Caml graphics library allows to display images...

7.5 CVSS | 0.7 AI score | 0.02612 EPSS
Exploits: 0

Fedora
added 2009/07/31 6:2 p.m., 31 views

[SECURITY] Fedora 10 Update: OpenEXR-1.6.1-8.fc10

OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format...

7.5 CVSS | 1.3 AI score | 0.06437 EPSS
Exploits: 1

Fedora
added 2009/07/31 6:1 p.m., 35 views

[SECURITY] Fedora 11 Update: OpenEXR-1.6.1-8.fc11

OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format...

7.5 CVSS | 1.3 AI score | 0.06437 EPSS
Exploits: 1

OpenVAS
added 2009/07/29 12:0 a.m., 24 views

Debian Security Advisory DSA 1835-1 (tiff)

The remote host is missing an update to tiff announced via advisory DSA 1835-1. OpenVAS Vulnerability Test $Id: deb18351.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1835-1 tiff Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

9.3 CVSS | 0.9 AI score | 0.07996 EPSS
Exploits: 2

0day.today
added 2009/07/23 12:0 a.m., 22 views

PHP Melody 1.5.3 Remote File Upload Injection Vulnerability

Exploit for unknown platform in category web applications =========================================================== PHP Melody 1.5.3 Remote File Upload Injection Vulnerability =========================================================== --------------------------------------------------- PHP...

7.1 AI score
Exploits: 0

Packet Storm
added 2009/07/23 12:0 a.m., 22 views

PHP Melody 1.5.3 File Upload

--------------------------------------------------- PHP Melody 1.5.3 remote injection upload file --------------------------------------------------- + Author : Chip D3 Bi0s + Email : chipdebiosalt+64gmail.com + Group : LatinHackTeam + Vulnerability : SQL injection ---------info Cms--------------...

7.4 AI score
Exploits: 0

OpenVAS
added 2009/07/06 12:0 a.m., 27 views

Mandrake Security Advisory MDVSA-2009:142 (jasper)

The remote host is missing an update to jasper announced via advisory MDVSA-2009:142. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

10 CVSS | 6.2 AI score | 0.04509 EPSS
Exploits: 3 | References: 1

OpenVAS
added 2009/07/06 12:0 a.m., 18 views

Mandrake Security Advisory MDVSA-2009:143 (netpbm)

The remote host is missing an update to netpbm announced via advisory MDVSA-2009:143. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

10 CVSS | 5.9 AI score | 0.04509 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2009/06/19 12:0 a.m., 64 views

Debian DSA-1819-1 : vlc - several vulnerabilities

Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can le...

9.3 CVSS | 6.1 AI score | 0.11778 EPSS
Exploits: 5 | References: 24

Tenable Nessus
added 2009/05/22 12:0 a.m., 28 views

Mandriva Linux Security Advisory : lcms (MDVSA-2009:121-1)

Multiple security vulnerabilities have been identified and fixed in Little cms : A memory leak flaw allows remote attackers to cause a denial of service memory consumption and application crash via a crafted image file CVE-2009-0581. Multiple integer overflows allow remote attackers to execute...

9.3 CVSS | 6.3 AI score | 0.05534 EPSS
Exploits: 4 | References: 4

Tenable Nessus
added 2009/04/23 12:0 a.m., 37 views

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : php5 vulnerabilities (USN-720-1)

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....

10 CVSS | 7.7 AI score | 0.07371 EPSS
Exploits: 9 | References: 11

Tenable Nessus
added 2009/04/23 12:0 a.m., 29 views

Ubuntu 6.06 LTS / 7.10 : evolution-data-server vulnerability (USN-733-1)

It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user...

7.5 CVSS | 5.8 AI score | 0.03312 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2009/04/20 12:0 a.m., 25 views

Ubuntu USN-760-1 (cupsys)

The remote host is missing an update to cupsys announced via advisory USN-760-1. OpenVAS Vulnerability Test $Id: ubuntu7601.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7601.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-760-1 cupsys Authors: Thomas Rein...

6.8 CVSS | 7.7 AI score | 0.04246 EPSS
Exploits: 2 | References: 1

Debian CVE
added 2009/04/14 4:0 p.m., 39 views

CVE-2009-0792

Multiple integer overflows in icc.c in the International Color Consortium ICC Format library aka icclib, as used in Ghostscript 8.64 and earlier and Argyll Color Management System CMS 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service heap-based buffer overflow and...

9.3 CVSS | 8.2 AI score | 0.03991 EPSS
Exploits: 0