LuPng in Heap Buffer Overflow Vulnerability

LuPng is a PNG format decoder/encoder. A heap buffer overflow vulnerability exists in the 'insertByte' function of the miniz/lupng.c file in LuPng 2017-03-10 and earlier versions, which can be exploited by an attacker to execute arbitrary code or cause a denial of service...

Best Practices for Ultra-Low Latency Streaming Using Chunked-Encoded and Chunk-Transferred CMAF

Over the last 15 years, live streaming services have grown from novelties & experiments in to profitable businesses serving an ever-growing cohort of cord-cutters and cord-nevers. Initial streaming implementations mimicked the workflows of the broadcast world, using custom servers to deliver...

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)

Linux/x86 - execve/bin/sh + MMX/ROT13/XOR Shellcode Encoder/Decoder 104 bytes. Shellcode exploit for Linuxx86 platform Title: Linux/x86 - execve/bin/sh + MMX/ROT13/XOR Shellcode Encoder/Decoder 104 bytes Author: Kartik Durg Date: 201-10-04 Shellcode Length: 104 BYTES Student-ID: SLAE-1233 Write-u...

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)

Title: Linux/x86 - execve/bin/sh + MMX/ROT13/XOR Shellcode Encoder/Decoder 104 bytes Author: Kartik Durg Shellcode Length: 104 BYTES Student-ID: SLAE-1233 Write-up Link: https://iamroot.blog/2018/10/02/0x4-rot13xorencodermmxdecodershellcode-linux-x86/ Tested on: Ubuntu 16.0.4.1 i686...

imagemagick/encoder_png_fuzzer: Use-of-uninitialized-value in png_do_pack

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5739060115537920 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderpngfuzzer Fuzz target binary: encoderpngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

HackBar - HackBar Plugin For Burpsuite

HackBar - HackBar Plugin For Burpsuite V1.0. Requirements Burpsuite Java How to Install Download Jar 'https://github.com/d3vilbug/HackBar/releases/tag/1.0' and add in burpsuite Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Upcoming Features/Modules Ctrl + H shortcut WAF bypass SQLi...

Security update for ffmpeg-4 (low)

This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...

openSUSE Security Update : ffmpeg-4 (openSUSE-2018-1004)

This update for ffmpeg-4 to version 4.0.2 fixes the following issues : These security issues were fixed : - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...

Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)

/ Title: Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode 54 bytes Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Tested on: Linux/x86 gcc -o xorencodedshellcode -z execstack -fno-stack-protector xorencodedshellcode.c / / Disassembly of section .text: 08048060 : 804806...

Security update for ffmpeg-4 (low)

This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...

Dynamic key XOR Encoder

An x86 XOR encoder with dynamic key size This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dynamic key XOR Encoder', 'Description' = 'An x86 XOR encoder with dynamic key size', 'Author' = 'lupman...

Dynamic key XOR Encoder

An x64 XOR encoder with dynamic key size This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dynamic key XOR Encoder', 'Description' = 'An x64 XOR encoder with dynamic key size', 'Author' = 'lupman...

Bash Brace Expansion Command Encoder

This encoder uses brace expansion in Bash and other shells to avoid whitespace without being overly fancy. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bash Brace Expansion Command Encoder',...

UBUNTU-CVE-2018-15822

The flvwritepacket function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure...

CVE-2017-2575

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG...

CVE-2017-2575

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG...

CVE-2017-2575

CVE-2017-2575 affects the libbpg 0.9.7 BPG encoder. The issue is a NULL pointer dereference caused by a missing check of the return value from malloc during conversion of a malicious JPEG file to BPG. This is a code-path vulnerability in the encoder that can lead to a crash when parsing crafted i...

Nextcloud Server 'JSON Encoder' Security Bypass Vulnerability

Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

jpeg_encoder Heap Buffer Overflow Vulnerability

jpegencoder is an encoder for compressing images in other formats into jpeg format images. A heap buffer overflow vulnerability exists in the 'readFromBMP' function of the jpegencoder.cpp file in jpegencoder 2015-11-27 and earlier versions. An attacker could exploit this vulnerability to execute...

CVE-2018-14945

An issue has been found in jpegencoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpegencoder.cpp...