Lucene search

2833 matches found

OSV
added 2013/11/23 6:55 p.m., 2 views

DEBIAN-CVE-2013-0867

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access...

9.3 CVSS, 7.4 AI score, 0.00714 EPSS
Exploits 0, References 1
Cvelist
added 2013/11/23 6:0 p.m., 14 views

CVE-2013-0867

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access...

6.8 AI score, 0.00714 EPSS
Exploits 0, References 3
Cvelist
added 2013/11/23 6:0 p.m., 11 views

CVE-2013-0861

The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout...

6.6 AI score, 0.00377 EPSS
Exploits 0, References 4
Prion
added 2013/11/23 5:55 p.m., 14 views

Heap overflow

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file...

4.3 CVSS, 6.8 AI score, 0.00844 EPSS
Exploits 1, References 5, Affected Software 1
RedHat Linux
added 2013/08/27 6:50 p.m., 1 views

Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial ...

5 CVSS, 7.4 AI score, 0.02678 EPSS
Exploits 0, References 5
Zero Day Initiative
added 2013/07/26 12:0 a.m., 23 views

GE Proficy CIMPLICITY CimWebServer Password Decode Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient bounds checking...

6.8 CVSS, 2.9 AI score, 0.05259 EPSS
Exploits 0, References 1
OSV
added 2013/06/22 8:0 a.m., 5 views

CURL-CVE-2013-2174 URL decode buffer boundary flaw

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

6.8 CVSS, 7.2 AI score, 0.03181 EPSS
Exploits 2
exploitpack
added 2013/06/05 12:0 a.m., 19 views

Cuppa CMS - alertConfigField.php Local/Remote File Inclusion

Cuppa CMS - alertConfigField.php Local/Remote File Inclusion Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip...

7.4 AI score
Exploits 0
Positive Technologies
added 2013/04/03 12:0 a.m., 2 views

PT-2013-2618 · Mozilla +3 · Thunderbird Esr +8

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 20.0 Firefox ESR 17.x versions prior to 17.0.5 Thunderbird versions prior to 17.0.5 Thunderbird ESR 17.x versions prior to 17.0.5 SeaMonkey versions prior to 2.17 Description: The issue allows remote attacker...

10 CVSS, 6.1 AI score, 0.92346 EPSS
Exploits 16, References 67
myhack58
added 2013/03/14 12:0 a.m., 18 views

PhpcmsV9 arbitrary user password modification logic vulnerability

I actually sent the first vulnerability, see Tick: PhpcmsV9 SQL injection 2 0 1 3-year new year the first Mentioned pass code: parsestrsysauth$POST'data', 'DECODE', $this-applist$this-appid'authkey', $this-data; In phpssoserver/phpcms/modules/phpsso/classes/phpsso. class. php. I leave it up to yo...

0.1 AI score
Exploits 0
RedHat Linux
added 2013/02/28 6:53 p.m., 3 views

rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest

The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging...

5 CVSS, 5.9 AI score, 0.00981 EPSS
Exploits 1, References 4
OpenVAS
added 2013/01/21 12:0 a.m., 31 views

CentOS Update for squirrelmail CESA-2013:0126 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5 CVSS, 6.4 AI score, 0.02574 EPSS
Exploits 0, References 2
RedHat Linux
added 2013/01/08 4:20 a.m., 34 views

Low: Red Hat Security Advisory: squirrelmail security and bug fix update

An updated squirrelmail package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

5 CVSS, 6.7 AI score, 0.02574 EPSS
Exploits 0, References 12
exploitpack
added 2012/12/19 12:0 a.m., 11 views

DIMIN Viewer 5.4.0 - GIF Decode Crash (PoC)

DIMIN Viewer 5.4.0 - GIF Decode Crash PoC PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23496.tar.gz CommandLine: "C:\Program Files\DIMIN\Viewer5\imgview5.exe" Symbol search path is: Invalid Symbol loading may be unreliable without a symbol search path. U...

0.8 AI score
Exploits 0
Exploit DB
added 2012/12/19 12:0 a.m., 18 views

DIMIN Viewer 5.4.0 - GIF Decode Crash (PoC)

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23496.tar.gz CommandLine: "C:\Program Files\DIMIN\Viewer5\imgview5.exe" Symbol search path is: Invalid Symbol loading may be unreliable without a symbol search path. Use .symfix to have the debugger choose a...

7.4 AI score
Exploits 0
exploitpack
added 2012/12/13 12:0 a.m., 8 views

MyBB AJAX Chat - Persistent Cross-Site Scripting

MyBB AJAX Chat - Persistent Cross-Site Scripting Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Version: 1 Tested on: Windows The Persistent XSS vulnerability li...

6.8 AI score
Exploits 0
RedHat Linux
added 2012/12/04 7:24 p.m., 2 views

rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest

The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging...

5 CVSS, 5.9 AI score, 0.00981 EPSS
Exploits 1, References 4
myhack58
added 2012/10/19 12:0 a.m., 11 views

PHPCMS V9 WAP module injection vulnerability

A variable is passed through urldecode and written to the database without effective filtering, which results in injection. Detailed description: Proof of vulnerability: File location: /phpcms/modules/wap/index.php Vulnerable function: commentlist Unfiltered parameter: $_GET['commentid'] Trigger...

2.7 AI score
Exploits 0
RedHat Linux
added 2012/10/09 10:45 p.m., 1 views

Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors...

9.3 CVSS, 8 AI score, 0.52507 EPSS
Exploits 0, References 5
RedHat Linux
added 2012/10/09 10:25 p.m., 1 views

Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors...

9.3 CVSS, 8 AI score, 0.52507 EPSS
Exploits 0, References 5