Rite CMS 2.2.1 Remote Code Execution

Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Date: 2020-07-03 Exploit Author: H0j3n Vendor Homepage: http://ritecms.com/ Software Link: http://sourceforge.net/projects/ritecms/files/ritecms2.2.1.zip/download Version: 2.2.1 Tested on: Linux Reference:...

APSB20-65 Security update available for Adobe Media Encoder

Adobe has released an update for Adobe Media Encoder. This update resolves a critical vulnerability that could lead to arbitrary code execution in the context of the current user...

HiSilicon Video Encoder Command Injection

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated command injection Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech, J-Tech...

HiSilicon Video Encoder Malicious Firmware Code Execution

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...

HiSilicon Video Encoder Buffer Overflow / Denial Of Service

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...

HiSilicon Encoder Default Credentials (Telnet)

HiSilicon Encoder devices are using default credentials over Telnet. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2020-24219

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with t...

openSUSE Security Update : brotli (openSUSE-2020-1578)

This update for brotli fixes the following issues : brotli was updated to 1.0.9 : - CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB boo1175825 - brotli -v now reports raw / compressed size - decoder: minor speed / memory usage improvements - encoder: fix rare access to...

Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer

In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...

imagemagick:encoder_inline_fuzzer: Heap-buffer-overflow in Fax3Decode2D

Project: https://github.com/imagemagick/imagemagick.git Detailed Report: https://oss-fuzz.com/testcase?key=5127059796656128 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encoderinlinefuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type: Heap-buffer-overflow READ 4...

HiSilicon Encoder Directory Traversal Vulnerability - Active Check

HiSilicon Encoders are prone to a directory traversal vulnerability in /sys/devices/media/13070000.jpgd. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Adobe Media Encoder < 14.4.0 Multiple Information Disclosure (APSB20-57)

The version of Adobe Media Encoder installed on the remote Windows host is prior to 14.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-57 advisory. - Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could ...

CVE-2020-9739

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

CVE-2020-9744

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

CVE-2020-9745

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

CVE-2020-9745

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

CVE-2020-9744

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

CVE-2020-9739

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

Design/Logic Flaw

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...

Design/Logic Flaw

Adobe Media Encoder version 14.3.2 and earlier versions has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to...