ropesgray.com XSS vulnerability

Open Bug Bounty ID: OBB-550461 Description| Value ---|--- Affected Website:| ropesgray.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

DEBIAN-CVE-2017-17503

ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file...

Poppler Denial of Service Vulnerability (CNVD-2017-32544)

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A denial of service vulnerability exists in the 'GfxImageColorMap::getGrayLine' function of the GfxState.cc file in Poppler version 0.59.0. A remote attacker can exploit this vulnerability with a...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference. In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine function in GfxState.cc via a crafted PDF document. Remediation There is no fixed version for poppler. References -...

UBUNTU-CVE-2017-15565

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine function in GfxState.cc via a crafted PDF document...

Poppler 'GfxImageColorMap::getGray' function denial of service vulnerability

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A security vulnerability exists in the 'GfxImageColorMap::getGray' function of the GfxState.cc file in Poppler version 0.54.0. A remote attacker can exploit this vulnerability to cause a denial of...

PoDoFo 'PoDoFo::PdfColorGray::~PdfColorGray' function null pointer reference denial of service vulnerability

PoDoFo is an open source , written in C++ using the PDF file format library . A null pointer reference vulnerability exists in PoDoFo's 'PoDoFo::PdfColorGray::PdfColorGray' function. Allows a remote attacker to construct a malicious file and trick the user into parsing it, which can crash the...

PT-2017-17376 · Podofo +2 · Podofo +2

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.4 Description: The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, via a crafted file. This is related to the PoDoFo::PdfColorGray::PdfColorGray function in PdfColor.cpp...

PT-2016-7789 · Artifex +3 · Ghostscript +3

Name of the Vulnerable Software and Affected Versions: ghostscript versions prior to 9.21 Description: The issue is related to a heap-based buffer overflow found in the jbig2 decode gray scale image function, which is used for decoding halftone segments in JBIG2 images. A document, such as...

UBUNTU-CVE-2016-9556

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted image file...

Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back

The Mirai botnet apparently has a weakness that could shut down its ability to flood targets with HTTP requests. But exploiting that vulnerability puts defenders in a gray area with regard to hacking back. Researchers at Invincea Labs discovered three vulnerabilities in Mirai, one of which is the...

Syhunt ScanTools - Console Web Vulnerability Scan Tools

Syhunt released the new generation of its console-based scan tools, simply called ScanTools. The first release of ScanTools comes with four console applications: - ScanURL ,ScanCode , ScanLog and ScanConf , incorporating the functionality of the scanners Syhunt Hybrid/Dynamic, Syhunt Code, Syhunt...

Database Assessment Tool: DbDat

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

Ubuntu 14.04 LTS : PyYAML vulnerability (USN-2461-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2461-3 advisory. Stanisaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger...

DSA-3103-1 libyaml-libyaml-perl - security update

Bulletin has no description...

Yahoo Formally Launches Bug Bounty Program

As promised, Yahoo formally kicked off its bug bounty program late last week, aiming to correct what many in the security industry viewed as misstep after it handed out a paltry $12.50 credit to a researcher for discovering a cross-site scripting error. The company caught flak when in September...

Scientific Linux Security Update : qt on SL6.x i386/x86_64

Qt is a software toolkit that simplifies the task of writing and maintaining GUI Graphical User Interface applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially crafted font fil...

CVE-2009-5030

The tcdfreeencode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid...

openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images

The tcdfreeencode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid...

Unfixed XSS vulnerability at www.gray-zoom.fr

Security researcher Atmon3r, has submitted on 15/02/2012 a cross-site-scripting XSS vulnerability affecting www.gray-zoom.fr, which at the time of submission ranked 18038291 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/02/2012. It is...