911 matches found
OpenJPEG Buffer Error Vulnerability
OpenJPEG is an open source C-based JPEG2000 codec. OpenJPEG suffers from a buffer error vulnerability: an attacker can trigger a buffer overflow via opj_tcd_dc_level_shift_encode to cause a denial of service and potentially run cod...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
JWT-Hack - Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking (Dict/Bruteforce)
jwt-hack is a tool for hacking / security testing of JWT. It supports en/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce). Installation: go-get (dev version) $ go get -u github.com/hahwul/jwt-hack homebrew $ brew tap hahwul/jwt-hack $ brew install jwt-hack snapcraft $...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...
CLSA-2020-1605798462 Fix of 227 CVE
Fix bug 69720: Null pointer dereference in phar_get_fp_offset - Fix bug 70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-Encode (EulerOS-SA-2020-2046)
According to the version of the perl-Encode packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that perl can load modules from the current directory if not found in the module directories, via the...
Huawei EulerOS: Security Advisory for perl-Encode (EulerOS-SA-2020-2046)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the encode parameter of a GET request...
Directory traversal
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the encode parameter of a GET request...
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the encode parameter of a GET request...
PT-2020-16108 · Thinkadmin · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6 Description: The issue allows an unauthorized attacker to read arbitrary files on a remote server via a GET request by manipulating the encode parameter. Recommendations: For ThinkAdmin version 6, update to a version that...
GHSA-V2JQ-9475-R5G8 Cross-Site Scripting in bootstrap-tagsinput
All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation This package is not actively maintained, and has not seen...
Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder
Flask Session Cookie Decoder/Encoder Dependencies Python 2 or Python 3 itsdangerous Flask Installation BlackArch Linux pacman -S flask-session-cookie-manager3,2 Git ArchLinux Both python3 and python2: $ git clone https://github.com/noraj/flask-session-cookie-manager.git && cd...
OSV-2020-1570 Heap-buffer-overflow in x265::PicYuv::copyFromPicture
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24590 Crash type: Heap-buffer-overflow READ Crash state: x265::PicYuv::copyFromPicture x265::Encoder::encode x265_encoder_encode...
libheif:encoder-fuzzer: Heap-buffer-overflow in x265::PicYuv::copyFromPicture
Project: https://github.com/strukturag/libheif.git Detailed Report: https://oss-fuzz.com/testcase?key=5148929759641600 Project: libheif Fuzzing Engine: libFuzzer Fuzz Target: encoder-fuzzer Job Type: libfuzzer_asan_libheif Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address:...
Encode OSS Uvicorn Injection Vulnerability
Encode OSS Uvicorn is an ASGI (Asynchronous Server Gateway Interface) server from the British company Encode OSS, built on uvloop and httptools. An injection vulnerability exists in Encode OSS Uvicorn versions prior to 0.11.7, which stems from the program's failure to escape CRLF sequences in HTTP headers, and c...
GNU LibreDWG Heap Buffer Overflow Vulnerability
GNU LibreDWG is a GNU Project C library for working with DWG files. A security vulnerability exists in dwg_encode_entity in the common_entity_data.spec file in GNU LibreDWG version 0.9.3 and earlier. The vulnerability stems from a networked system or product performing operations in memory withou...
Windows Gather Xshell and Xftp Passwords
This module can decrypt the password of xshell and xftp, if the user chooses to remember the password. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Xshell and Xftp Passwords',...
ffjpeg buffer overflow vulnerability (CNVD-2020-31580)
ffjpeg is a JPEG encoder/decoder. A security vulnerability exists in jfif_encode in the jfif.c file in ffjpeg version 2020-02-24 and earlier. An attacker can exploit this vulnerability to cause a denial of service...
CVE-2020-13438
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c...