CVE-2020-25665

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytesperrow in the call to AcquireQuantumMemory. This could cause...

CVE-2020-25665

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytesperrow in the call to AcquireQuantumMemory. This could cause...

CVE-2020-25666

There are 4 places in HistogramCompare in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count value for a color. The patch uses casts to ssizet type for these calculations, instead of int. This flaw could impact...

Out-of-bounds

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytesperrow in the call to AcquireQuantumMemory. This could cause...

UBUNTU-CVE-2020-25665

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytesperrow in the call to AcquireQuantumMemory. This could cause...

December 8, 2020—KB4593226 (OS Build 14393.4104) - EXPIRED

December 8, 2020—KB4593226 OS Build 14393.4104 - EXPIRED NEW 8/5/21 EXPIRATION NOTICEIMPORTANT As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality...

CVE-2020-25666

CVE-2020-25666 is a vulnerability in ImageMagick where four instances in HistogramCompare() (MagickCore/histogram.c) allow integer overflow during simple math calculations on RGB values and the color count. The patch switches calculations from int to ssize_t, addressing the overflow. Affected pro...

CVE-2020-25666

There are 4 places in HistogramCompare in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count value for a color. The patch uses casts to ssizet type for these calculations, instead of int. This flaw could impact...

CVE-2020-25665

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytesperrow in the call to AcquireQuantumMemory. This could cause...

CVE-2020-25666

There are 4 places in HistogramCompare in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count value for a color. The patch uses casts to ssizet type for these calculations, instead of int. This flaw could impact...

CVE-2020-25665

CVE-2020-25665 affects ImageMagick’s PALM image coder (coders/palm.c). The vulnerability arises from an improper call to AcquireQuantumMemory() in WritePALMImage() that should offset by 256; this can lead to an out-of-bounds read later in the routine. The fix patches the call by adding 256 to byt...

Reverse Engineering Tools: Evaluating the True Cost

When sourcing software for business needs, what criteria should you follow? Price typically tops the list. And sure, free software, like the Linux OS, delivers cost savings, stability, flexibility and ongoing development. No argument there. But when it comes to decompilers, which are used for...

Apache NiFi API Remote Code Execution Exploit

This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured or credentials provided and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and...

CVE-2020-25666

There are 4 places in HistogramCompare in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count value for a color. The patch uses casts to ssizet type for these calculations, instead of int. This flaw could impact...

Oracle WebLogic Server Administration Console Handle Remote Code Execution Exploit

This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against...

November 19, 2020—KB4594441 (OS Build 14393.4048) Out-of-band

November 19, 2020—KB4594441 OS Build 14393.4048 Out-of-band UPDATED 11/19/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version 1607 update history...

Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit

This Metasploit module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...

Servicing stack update for Windows 10, version 1809: October 13, 2020

Servicing stack update for Windows 10, version 1809: October 13, 2020 Applies to Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 Server Core installation Summary This...

VyOS Configuration Importer

This module imports a VyOS device configuration. Module Options msf use auxiliary/admin/networking/vyosconfig msf auxiliaryvyosconfig show actions ...actions... msf auxiliaryvyosconfig set ACTION msf auxiliaryvyosconfig show options ...show and set options... msf auxiliaryvyosconfig run This modu...

Jenkins 2.56 CLI Deserialization / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins CLI Deserialization', 'Description' = %q An unauthenticated Java object deserialization vulnerability exists in the CLI component for...