17 matches found
EUVD-2007-0872
Malware in sbrugna...
EUVD-2025-21390
Malicious code in bioql PyPI...
DragonFly has weak integrity checks for downloaded files
The DragonFly2 uses a variety of hash functions, including the MD5 hash. This algorithm does not provide collision resistance; it is secure only against preimage attacks. While these security guarantees may be enough for the DragonFly2 system, it is not completely clear if there are any scenarios...
CVE-2025-53101
CVE-2025-53101 affects ImageMagick, specifically the mogrify/filename processing path. In vulnerable releases (prior to 7.1.2-0 and 6.9.13-26), providing multiple consecutive “%d” format specifiers in a filename template triggers incorrect offset handling in InterpretImageFilename(), causing an ou...
Powerglot - Encodes Offensive Powershell Scripts Using Polyglots
Powerglot encodes several kinds of scripts using polyglots, for example, offensive PowerShell scripts. A loader is not needed to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections,...
Fawkes: Digital Image Cloaking
Fawkes is a system for manipulating digital images so that they aren't recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then u...
Sherloq - An Open-Source Digital Image Forensic Toolset
An open source image forensic toolset Introduction "Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...
Let's Get Visual: Best Practices for Digital Image Management
"Offering rich, interactive images has emerged as a critical component to any website or web app visitor engagement strategy -- and with good reason," wrote Parag Pathak, our Senior Product Marketing Manager, in his recent published article - Let's get visual: best practices for digital image...
Ghiro 0.2 - Automated Digital Image Forensics Tool
Sometimes forensic investigators need to process digital images as evidence. There are some tools around, otherwise it is difficult to deal with forensic analysis with a lot of images involved. Images contain tons of information; Ghiro extracts this information from provided images and displays it...
Zoph 0.9.1 Cross Site Scripting / SQL Injection
============================================= MGC ALERT 2014-005 - Original release date: March 5, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score ============================================= I. VULNERABILITY...
Fedora Update for libwebp FEDORA-2013-1494
Check for the Version of libwebp OpenVAS Vulnerability Test Fedora Update for libwebp FEDORA-2013-1494 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
mspicturepusher-activex.txt
'PicturePusherControl.PostURL = "http://127.0.0.1/?aaaa=1" PicturePusherControl.PostURL = "http://192.168.1.1/?aaaa=1" PicturePusherCont...
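Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability
BUGTRAQ ID: 31632 CNCAN ID:CNCAN-2008100909 Microsoft Digital Image is an image management and processing tool. The PicturePusher 'PipPPush.dll' ActiveX control it includes has a design flaw: a remote attacker can exploit the vulnerability to download files from an arbitrary location to the affected computer. The control allows custom POST requests to be built to implement its upload function, these can be bounced using the browser as a proxy, and a filename subfield can be injected through the AddString method. A similar POST request looks like this: POST /?aaaa=1 HTTP/1.1 Content-Type: multipart/form-data;...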
Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the...
Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may...
Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the...
CVE-2007-0876
CVE-2007-0876 describes a cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624. The issue allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. Affected software is Qdig; the root cause is XS...