Foxit Studio Photo CMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Unauthenticated Subscribers List Export vulnerability
Unauthenticated Subscribers List Export vulnerability discovered by NinTechNet in WordPress CMP – Coming Soon & Maintenance plugin versions <= 3.8.1. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 3.8.2)...
WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Unauthenticated Plugin Deactivation vulnerability
Unauthenticated Plugin Deactivation vulnerability discovered by NinTechNet in WordPress CMP – Coming Soon & Maintenance plugin versions <= 3.8.1. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 3.8.2)...
WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Arbitrary Post Read (draft, pending, private or even password-protected) vulnerability
Arbitrary Post Read (draft, pending, private, or even password-protected) vulnerability discovered by NinTechNet in WordPress CMP – Coming Soon & Maintenance plugin versions <= 3.8.1. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 3.8.2)...
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls
Some of the AJAX calls from the plugin do not properly check for capabilities and CSRF tokens, leading to issues such as arbitrary post read, subscribers list export and plugin deactivation...
Linux/x86 Egghunter / Null-Free Shellcode (33 bytes)
/ Title: Linux/x86 - EggHunter + Null-Free Shellcode 33 Bytes Author: Shubham Singh Tested on: x86 GNU/Linux Shellcode Length: 33 Bytes Student ID: SLAE - 1342 Description: Null-Free Egg Hunter Shellcode - 33 Bytes file format elf32-i386 Disassembly of section .text: 08048060 : 8048060: eb 05 jmp...
CVE-2019-5099
An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...
Integer overflow
An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...
CVE-2019-5099
The CVE-2019-5099 issue affects LEADTOOLS 20, specifically the CMP-parsing code. A vulnerability in the CMP data handling can underflow the parsed size when the current data size field is set to 1, leading to a heap buffer overflow during a memmove and potentially enabling code execution. TALOS d...
CVE-2019-5099
An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...
Vulnerability Spotlight: Code execution vulnerabilities in LEADTOOLS
Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at...
LEADTOOLS CMP-parsing code execution vulnerability
Summary An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...
CVE-2019-9012
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.2...
Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an...
CVE-2019-1746 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation wh...
CVE-2018-0475 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling...
Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling...
harfbuzz/hb-subset-get-codepoints-fuzzer: Heap-buffer-overflow in OT::TableRecord::cmp
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5630904853069824 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-get-codepoints-fuzzer Fuzz target binary: hb-subset-get-codepoints-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux...
Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellcode 54 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode 54 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Teste...
CVE-2018-11051 RSA Certificate Manager Path Traversal Vulnerability
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the applicati...