libav denial of service vulnerability (CNVD-2017-04274)

Libav formerly FFmpeg is Libav team's set of cross-platform audio and video can be recorded, converted to a solution, which includes a libavcodec encoder. A denial of service vulnerability exists in libav. An attacker can exploit this vulnerability to cause a denial of service...

ImageMagick Double Release Vulnerability

ImageMagick is a free software for creating, editing, and compositing images.The use of most of ImageMagick's features comes from the command line tools. A double-release vulnerability in encoder/ tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service applicatio...

[SECURITY] Fedora 25 Update: python-cjson-1.1.0-9.fc25

This module implements a very fast JSON encoder/decoder for Python. JSON stands for JavaScript Object Notation and is a text based lightweight data exchange format which is easy for humans to read/write and for machines to parse/generate. JSON is completely language independent and has multiple...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...

Vulnerability alert: JPEG 2 0 0 0 a vulnerability to execute arbitrary code-a vulnerability warning-the black bar safety net

Vulnerability number CVE-2 0 1 6-8 3 3 2 TALOS-2 0 1 6-0 1 9 3 Affected version OpenJpeg openjp2 2.1.1 Vulnerability description Recently, Cisco's Talos security team disclosed a JPEG 2 0 0 0 of a zero-day exploit, the vulnerability can execute arbitrary code. OpenJPEG is an open-source JPEG 2 0 ...

Mozilla Firefox and Firefox ESR Heap Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A heap buffer overflow vulnerability exists in the Mozilla Firefox and Firefox ESR 'nsBMPEncoder::AddImageFrame' function, which allows remote attackers to construct a malicious WEB page that can...

UBUNTU-CVE-2016-5278

Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image...

l0l - The Exploit Development Kit

l0l a exploit development kit. with C++ language scripting. Yet, are being developed. Then the beta version will be published. Status Shellcodes : 5 Injectors : 0 Encoders : 0 Backdoors : 6 Install - Requirements : g++ and Python. $ make or, l0l.cpp compile the file.. Exp: $ g++ -o l0l l0l.cpp Ru...

Android on Nexus Qualcomm Component Privilege Acquisition Vulnerability (CNVD-2016-06250)

Android on Nexus 7 is an open source Linux-based operating system for the Nexus 7 smartphone developed by Google and the Open Handset Alliance OHA.Qualcomm is one of the Qualcomm components used in the Qualcomm devices. Qualcomm is a Qualcomm component used in one of Qualcomm's devices. A...

UBUNTU-CVE-2014-9880

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 2013 devices does not validate VENIOCTLGETSEQUENCEHDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm intern...

UBUNTU-CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

speex speexenc parsing channel field denial of service vulnerability

Speex is an open source, free, patent-free audio compression format primarily for speech. The encoder program speexenc in speex-1.2rc2 and previous versions crashes when parsing wav files with zero values in the channel field resulting in a division by zero...

OWASP Mth3l3m3nt Framework - Penetration Testing Aiding Tool And Exploitation Framework

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface. Modules Packed in so far are: Payload Store Shell Generator PHP/ASP/JSP/JSPX/CFM Payloa...

Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

According to its self-reported version, the Cisco TelePresence Video Communication Server VCS / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improp...

Microsoft Windows Authenticated User Code Execution

This module uses a valid administrator username and password or password hash to execute an arbitrary payload. This module is similar to the "psexec" utility provided by SysInternals. This module is now able to clean up after itself. The service created by this tool uses a randomly chosen name an...

The vulnerability of the console-based graphic editor ImageMagick, which allows a hacker to delete any files they want

The vulnerability of the EPHEMERAL encoder in the console-based ImageMagick graphics editor is related to lack of access control. Exploiting this vulnerability allows a malicious actor to delete arbitrary files using a specially crafted image...

OpenSSL 1.0.1 < 1.0.1o / 1.0.2 < 1.0.2c ASN.1 Encoder Negative Zero Value Handling RCE

Binary data 9389.prm...

openSUSE Security Update : vlc (openSUSE-2016-755)

This update for vlc to version 2.1.6 fixes the following issues : These CVE were fixed : - CVE-2016-5108: Reject invalid QuickTime IMA files boo984382. - CVE-2016-3941: Heap overflow in processing wav files boo973354. These security issues without were fixed : - Fix heap overflow in decomp stream...