Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)

Heap-based buffer overflow in the readu32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG image...

USN-2185-1 firefox vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an...

Out of bounds read while decoding JPG images — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash...

OpenJDK: XXE issue in decoder (Beans, 8023245)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the Janua...

PhpBB viewtopic.php URL Decoding Code Execution - Ver2 (CVE-2004-1315)

A code execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause...

Updated tigervnc packages fix CVE-2014-0011

Updated tigervnc packages fix security vulnerability: A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute...

UBUNTU-CVE-2014-1725

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service out-of-bounds read via a window.atob...

CVE-2014-1725

Removed by vendor...

Fedora 19 : tigervnc-1.3.0-10.fc19 (2014-4180)

This update fixes CVE-2014-0011, a ZRLE decoding heap-based buffer overflow in vncviewer. This update contains some small fixes for issues that could cause the server or the viewer to crash, and includes a change that makes vncserver create clearer xstartup files. Note that Tenable Network Securi...

SeaMonkey Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X

SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...

[Peepdf] PDF Analysis and Creation/Modification Tool

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible ...

Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...

Mozilla: Out of bounds read during WAV file decoding (MFSA 2014-17)

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service out-of-bounds read and...

Out of bounds read during WAV file decoding — Mozilla

Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash...

Discuz attachment download permission bypass method-vulnerability warning-the black bar safety net

Ultra vires download contain a“Read permissions”plug-in, download plug-in free snap coin To reproduce the steps of: 1, Using the administrator account, Upload a high reading permissions of the attachment 2, The use of low-privileged user account, download the attachment, this time, Discuz will...

phpBB viewtopic.php URL Decoding Code Execution - ver 2 (CVE-2004-1315)

A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...

(gif2tiff): GIF LZW decoder missing datasize value check

Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service out-of-bounds write via a crafted 1 extension block in a GIF image or 2 GIF raster image to tools/gif2tiff.c or 3 a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are...

libpng拒绝服务漏洞

Bugtraq ID:65776 CVE ID:CVE-2014-0333 libpng是一款多种应用程序所使用的解析PNG图形格式的函数库。 libpng16中的渐进式解码器在处理零长度IDAT块时存在安全漏洞，允许攻击者利用漏洞构建恶意文件，诱使用户解析，可使应用程序挂起。 0 libpng 1.6.0 -1.6.9 厂商补丁： libpng ----- 用户可参考如下厂商提供的安全补丁以修复该漏洞： https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff...

EasyTalk Sql Injection 1-5

简要描述： 过滤不严。 详细说明： 注入1： 在topicaction.class.php中 public function topic $keyword=$this-get'keyword','urldecode';//无过滤 且解码 if $keyword $topic = D'Topic'-where"topicname='$keyword'"-find; if $topic $isfollow=D'Mytopic'-isfollow$topic'id',$this-my'userid';...

DEBIAN-CVE-2014-0045

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opusdecodefloat function, which allows...