MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF

The plugin does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack The vendor has been notified on August 24th, 2021, as well as escalated to the WP plugins team 3 times, no fix was made despite two new versions being released...

CVE-2021-42716

An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stbimage, or...

CVE-2021-42716

An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stbimage, or...

Code injection

An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stbimage by submitting crafted HDR files...

Buffer overflow

An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stbimage, or...

UBUNTU-CVE-2021-42716

An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stbimage, or...

CVE-2021-42716

An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stbimage, or...

CVE-2021-42716

CVE-2021-42716 affects stb_image.h 2.27: the PNM loader misinterprets 16‑bit PGM data as 8‑bit when converting to RGBA, causing a buffer overflow when reinterpreted as 16‑bit. Impact documented as potential service crash and exposure of up to ~1024 bytes of non‑consecutive heap data. Connected ad...

CVE-2021-42716

An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stbimage, or...

CVE-2021-42715

An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stbimage by submitting crafted HDR files...

CVE-2021-42715

The CVE-2021-42715 issue concerns the HDR loader in the libstb component (stb_image.h) versions 1.33 through 2.27, where truncated end-of-file RLE scanlines are parsed as an infinite sequence of zero-length runs. This can allow a crafted HDR file to cause denial of service in applications using s...

stb 安全漏洞

stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...

CVE-2021-42715

An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stbimage by submitting crafted HDR files...

q-logger skimmer keeps Magecart attacks going

This blog post was authored by Jérôme Segura Although global e-commerce is continuing to grow rapidly, it seems as though Magecart attacks via digital skimmers have not followed the same trend. This is certainly true if we only look at recent newsworthy attacks; indeed when a victim is a large...

TA505 Gang Is Back With Newly Polished FlawedGrace RAT

The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...

Vulnerability fixed in OTRS

A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. OTRS uses the deprecated npm module "resolve-url-loader" which is depends on the module "postcs" and is vulnerable to the ReDoS attack. OTRS has...

Inceptor - Template-Driven AV/EDR Evasion Framework

Modern Penetration testing and Red Teaming often requires to bypass common AV/EDR appliances in order to execute code on a target. With time, defenses are becoming more complex and inherently more difficult to bypass consistently. Inceptor is a tool which can help to automate great part of this...

CrossC2-1

It is an offensive tool for macOS. The repository contains a CrossC2 framework fork, version 2.0, created by gloxec. The tool includes various modules for tasks such as file management, password gathering, keylogging, browser data dumping, and more. The framework uses a loader script that include...

SAS 2021: Learning to ChaCha with APT41

Straight from the sunny UK to the stage of SAS-at-Home 2021, John Southworth PwC will be giving some insights about the threat actor APT41, also known as Red Kelpie and Winnti. Starting with APT10 Red Apollo, the presentation will dance you through the malware used by APT41 – the Motnug loader an...

WordPress MAZ Loader plugin <= 1.3.2 - SQL Injection (SQLi) vulnerabilities

SQL Injection SQLi vulnerabilities discovered by apple502j in WordPress MAZ Loader plugin versions = 1.3.2. Solution Update the WordPress MAZ Loader plugin to the latest available version at least 1.3.3...