imagemagick/encoder_gif_fuzzer: Heap-buffer-overflow in ParseEntities

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5754243379625984 Project: imagemagick Fuzzer: libFuzzerimagemagickencodergiffuzzer Fuzz target binary: encodergiffuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

FreeBSD : dovecot -- json encoder crash (a64aa22f-61ec-11e9-85b9-a4badb296695)

Aki Tuomi reports : CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...

CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)

INTRO Exploit Title: MMX-PUNPCKLBW Encoder Description: Payload encoder using MMX PUNPCKLBW instruction Date: 13/04/2019 Exploit Author: Petr Javorik Tested on: Linux ubuntu 3.13.0-32-generic x86 Shellcode length: 61 ENCODER !/usr/bin/env python stack execve SHELLCODE = bytearray...

Linux/x64 - XANAX Encoder Shellcode (127 bytes)

Linux/x64 - XANAX Encoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Encoder ; Author: Alan Vivona ; Description: Uses xor-add-not-add-xor sequence with a 4 byte key and writes the encoded version to stdout ; Tested on: x86-x64 GNU/Linux global start segment .data keys.xor1 equ 0x29 keys.add1...

dovecot -- json encoder crash

Aki Tuomi reports: CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...

Security update for ffmpeg-4 (low)

openSUSE Security Update: Security update for ffmpeg-4 Announcement ID: openSUSE-SU-2019:1066-1 Rating: low References: 1092241 1100348 1105869 Cross-References: CVE-2018-13300 CVE-2018-15822 Affected Products: openSUSE Backports SLE-15 An update that solves two vulnerabilities and has one errata...

openSUSE Security Update : ffmpeg-4 (openSUSE-2019-691)

This update for ffmpeg-4 to version 4.0.2 fixes the following issues : These security issues were fixed : - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...

lame/fuzzer-encoder: Heap-buffer-overflow in do_copy_buffer

Project: https://svn.code.sf.net/p/lame/svn/trunk/lame Detailed report: https://oss-fuzz.com/testcase?key=5717291922096128 Project: lame Fuzzer: libFuzzerlamefuzzer-encoder Fuzz target binary: fuzzer-encoder Job Type: libfuzzerasanlame Platform Id: linux Crash Type: Heap-buffer-overflow WRITE Cra...

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...

Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)

/ ''' ; Date: 07/03/2019 ; Insertion-Encoder.asm ; Author: Daniele Votta ; Description: This program encode shellcode with insertion technique 0xAA. ; Tested on: i686 GNU/Linux ''' !/usr/bin/python Python Insertion Encoder import random Execve /bin/sh 25 bytes shellcode...

Teracue ENC-400 Command Injection Vulnerability

The Teracue ENC-400 is a portable multi-flow encoder from Teracue Germany. A command injection vulnerability exists in the login form of the Teracue ENC-400, which can be exploited to execute code when the program passes user input to a shell command without performing any escaping or validation...

PT-2021-4535 · FFmpeg +5 · Ffmpeg +5

Name of the Vulnerable Software and Affected Versions: FFmpeg version 4.1 Description: The issue is related to a buffer overflow in the apng do inverse blend component of the Ffmpeg library, which could allow a remote attacker to cause a Denial of Service. Recommendations: For FFmpeg version 4.1,...

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

CVE-2018-15781 DSA-2019-022: Dell Wyse Password Encoder Hard-coded Cryptographic Key Vulnerability

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

CVE-2018-15781

CVE-2018-15781 concerns Dell Wyse Password Encoder on ThinLinux2 versions prior to 2.1.0.01, which contains a hard-coded cryptographic key. An unauthenticated remote attacker could reverse engineer the cryptographic system to discover the private key and decrypt locally stored ciphertext. The vul...

Qualifying Encoders with Akamai

Introduction The encoder qualification program was created to improve the process for vendors that wish to align themselves with Akamai network specific requirements. It is also intended to , mitigate the risk of encoder issues before using in production. A formal process is being introduced to...

Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)

!/usr/bin/python Python Random Insertion Encoder Author: Aditya Chaudhary Date: 5th Feb 2019 import random import sys import argparse shellcode = "\x31\xc0\x50\x89\xe2\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80" Parse Arguments parser =...