1820 matches found

RedhatCVE
added 2016/06/07 11:48 a.m. | 51 views

CVE-2016-5239

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick...

7.5 CVSS | 4.5 AI score | 0.03162 EPSS
Exploits 0 | References 1

Mageia
added 2016/05/20 11:38 a.m. | 58 views

Updated imagemagick/ruby-rmagic packages fix security vulnerability

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10 CVSS | 2 AI score | 0.97485 EPSS
Exploits 13 | References 3

Hacker One
added 2016/05/17 5:47 p.m. | 162 views

Ubiquiti Inc.: Read-Only user can execute arbitrary shell commands on AirOS

This vulnerability is very similar to 128750, but it avoids the solution applied to the last beta XM firmware. In this report the last beta XM firmware is used: XM.v6.0-beta9. Vulnerability: The vulnerability resides in the function fetchCookies, file remote.inc:117. Just like last time is a non...

0.7 AI score
Exploits 0

Tenable Nessus
added 2016/05/12 12:0 a.m. | 103 views

Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10 CVSS | 6.7 AI score | 0.97485 EPSS
Exploits 13 | References 6

Amazon
added 2016/05/11 12:0 a.m. | 60 views

Important: ImageMagick

Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagi...

10 CVSS | 6.3 AI score | 0.97485 EPSS
Exploits 13

Tenable Nessus
added 2016/05/11 12:0 a.m. | 42 views

RHEL 6 / 7 : ImageMagick (RHSA-2016:0726) (ImageTragick)

An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10 CVSS | 6.8 AI score | 0.97485 EPSS
Exploits 13 | References 11

Tenable Nessus
added 2016/05/11 12:0 a.m. | 71 views

CentOS 6 / 7 : ImageMagick (CESA-2016:0726) (ImageTragick)

An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10 CVSS | 6.8 AI score | 0.97485 EPSS
Exploits 13 | References 7

Tenable Nessus
added 2016/05/11 12:0 a.m. | 39 views

Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)

Security Fixes : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the...

10 CVSS | 6.6 AI score | 0.97485 EPSS
Exploits 13 | References 6

OpenVAS
added 2016/05/10 12:0 a.m. | 44 views

RedHat Update for ImageMagick RHSA-2016:0726-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.1 AI score | 0.97485 EPSS
Exploits 13 | References 4

OpenVAS
added 2016/05/10 12:0 a.m. | 47 views

CentOS Update for ImageMagick CESA-2016:0726 centos7

Check the version of ImageMagick SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882484";...

10 CVSS | 6.1 AI score | 0.97485 EPSS
Exploits 13 | References 4

RedHat Linux
added 2016/05/09 6:3 p.m. | 4 views

ImageMagick: Insufficient shell characters filtering

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10 CVSS | 7.7 AI score | 0.97485 EPSS
Exploits 11 | References 5

CNVD
added 2016/05/07 12:0 a.m. | 13 views

Zabbix SIA Zabbix Agent Remote Command Execution Vulnerability

Zabbix SIA Zabbix is an open source monitoring system. Zabbix Agent is an agent product for monitoring local resources and applications. A security vulnerability in Zabbix Agent's handling of the 'mysql.size' user parameter allows remote attackers to exploit the vulnerability to execute...

8.1 CVSS | 9 AI score | 0.21141 EPSS
Exploits 6 | References 1

Tenable Nessus
added 2016/05/04 12:0 a.m. | 48 views

Debian DLA-455-1 : asterisk security update

CVE-2014-6610: Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the...

9 CVSS | 7.9 AI score | 0.46156 EPSS
Exploits 1 | References 8

RedhatCVE
added 2016/05/03 3:49 p.m. | 45 views

CVE-2016-3714

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10 CVSS | 7 AI score | 0.97485 EPSS
Exploits 11 | References 1

OpenVAS
added 2016/04/11 12:0 a.m. | 9 views

Debian Security Advisory DSA 3547-1 (imagemagick - security update)

Several vulnerabilities were discovered in Imagemagick, a program suite for image manipulation. This update fixes a large number of potential security problems such as null-pointer access and buffer-overflows that might lead to memory leaks or denial of service. None of these security problems ha...

0.3 AI score
Exploits 0 | References 1

Hacker One
added 2016/04/06 4:54 p.m. | 31 views

Ubiquiti Inc.: Read-Only user can execute arbitrary shell commands on AirOS

This issue is similar to 119317, but happens on the server side data actionRemote. The function "parseHeaders" in remote.inc:38 doesn't sanitize the input received from the other server other side of the speed test. If the attacker started a speed test against a controlled server attacker itself an...

2.4 AI score
Exploits 0

Slackware Linux
added 2016/03/03 6:56 a.m. | 33 views

[slackware-security] mailx

New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/mailx-12.5-i486-2slack14.1.txz: Rebuilt. Drop SSLv2 support no longer supported by OpenSSL, and fix security...

7.8 CVSS | 7.9 AI score | 0.06858 EPSS
Exploits 1

Hacker One
added 2016/02/28 7:21 p.m. | 69 views

Ubiquiti Inc.: Read-Only user can execute arbitrary shell commands on AirOS

On the last version of AirOS including the 8.0 beta it is possible for a read-only user to inject shell commands. It is possible to exploit the vulnerability using the following URL adjusting the airosid value to a valid session:...

0.9 AI score
Exploits 0

CNVD
added 2016/02/08 12:0 a.m. | 1 views

PHP File Manager 'phpfm.php' Authentication Bypass Vulnerability

PHP File Manager is a suite of applications for managing web sites using PHP scripts. An authentication bypass vulnerability exists in PHP File Manager. An attacker can exploit this vulnerability to obtain a valid session and execute shell commands using restricted functionality...

7.5 AI score
Exploits 0 | References 1

Packet Storm
added 2016/01/26 12:0 a.m. | 36 views

PHP File Manager 0.9.8 Authentication Bypass / Code Execution

PHP File Manager 0.9.8 http://phpfm.sourceforge.net/ is vulnerable to authentication bypass due to insecure implementation of register globals emulation. An attacker is able to override the blockKeys array and thus build a valid session and access all the protected functionality including executi...

0.5 AI score
Exploits 0