CVE-2014-4616
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function...
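Blind SQL injection in easytalk
Brief description: a blind injection in easytalk. Details: The problem is in the mailactivity function. Its daddslashes filter runs before base64_decode; nothing is output afterwards, but that does not matter, because blind injection still works. public function mailactivity(){ parent::tologin(); $authmsg=daddslashes($_GET['auth']); $authmsg=base64_decode($authmsg); // the order is reversed here... $tem=explode(":",$authmsg); $sendid=$tem[0]; $user=M('Users'); $row =...
Stored XSS in Cmseasy, with code analysis (1)
Brief description: the latest version of cmseasy has a stored XSS. Version: CmsEasy5.5UTF-820140415 Details: Every POST submission under bbs is filtered by the removexss function in the bbspublic.php file, as follows: you can see that all POST data goes into the dxss function. Following dxss, you can see that the data arrives in removexss again. Continuing into removexss, at point 1 in the figure you can see that removexss first filters some special characters; next, at point 2, a loop performs an HTML entity decode; then, at point 3, html_entity_decode is used to decode once more, and an if check calls exit if any HTML encoding still remains....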
CVE-2014-1497
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and...
Mozilla: Out of bounds read during WAV file decoding (MFSA 2014-17)
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and...
PYSEC-2014-63
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed)...
DedeCMS latest through the kill injection(buy_action.php)vulnerability analysis-vulnerability warning-the black bar safety net
0x00 Preface Two days ago, dark clouds white hat submitted two DedeCMS through killing injection vulnerabilities, much noise uproar, 2, No. 5, weaving dreams official release of the patch, so you download the latest code back to do a comparison, here is a simple analysis under the one injection...
UBUNTU-CVE-2014-0045
The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows...
UBUNTU-CVE-2012-6616
The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data...
Fedora Update for dcraw FEDORA-2013-22929
Check for the Version of dcraw. OpenVAS Vulnerability Test: Fedora Update for dcraw FEDORA-2013-22929. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms...
[SECURITY] Fedora 18 Update: dcraw-9.19-4.fc18
This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras...
DEBIAN-CVE-2013-7015
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data...
DEBIAN-CVE-2013-7009
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data...
CVE-2011-3946
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop...
DEBIAN-CVE-2013-0844
Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access...
DEBIAN-CVE-2013-0850
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access...
DEBIAN-CVE-2013-0858
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels...
DEBIAN-CVE-2013-0849
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data...
DEBIAN-CVE-2013-0846
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access...
CVE-2013-0848
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access...