196 matches found
imagemagick/rotate_fuzzer: Stack-buffer-overflow in LibRaw::identify
Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5723382935977984 Project: imagemagick Fuzzer: aflimagemagickrotatefuzzer Fuzz target binary: rotatefuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type: Stack-buffer-overflow RE...
imagemagick/encoder_dng_fuzzer: Use-of-uninitialized-value in LibRaw::identify
Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5922589626073088 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderdngfuzzer Fuzz target binary: encoderdngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...
NIST Cybersecurity Framework Series Part 1: Identify
The National Institute of Standards and Technology created the Cybersecurity Framework (NIST CSF) four years ago under the Obama administration. Recently, the framework received added attention when President Donald Trump signed a cybersecurity executive order in May 2017, mandating that government...
DEBIAN-CVE-2017-16352
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted...
CVE-2017-16352
CVE-2017-16352 affects GraphicsMagick 1.3.26 and is a heap-based buffer overflow in the Display visual image directory feature of DescribeImage() (magick/describe.c). Trigger: running identify on a specially crafted MIFF file with the verbose flag. Impact details in the vulnerability describe onl...
CVE-2017-16352
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted...
TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. TROMMEL identifies the following indicators related to: Secure Shell (SSH) key files, Secure Socket Layer (SSL) key files, Internet Protocol (IP) addresses, Uniform Resource Locator (URL), email addresses, shel...
BaRMIe - Java RMI Enumeration And Attack Tool
BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services. RMI services often expose dangerous functionality without adequate security controls; however, RMI services tend to pass under the radar during security assessments due to the lack of effective testing tools...
CVE-2017-12235
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the...
Cisco IOS Software Denial of Service Vulnerability (CNVD-2017-34216)
Cisco IOS is an operating system developed by Cisco for its network devices. A denial of service vulnerability exists in the PROFINET Discovery and Configuration Protocol (PN-DCP) implementation of Cisco IOS, which arises from the program's failure to properly parse PN-DCP Identify Request packets....
Phishing Kit Hunter
Phishing Kit Hunter (PhishingKitHunter or PKHunter) is a tool made for identifying phishing kit URLs used in phishing campaigns targeting your customers and using some of your own website files as CSS, JS, …. This tool, written in Python 3, is based on the analysis of referer’s URL which GET...
Cisco Identify Services Engine (ISE) Admin Portal Unauthorized Access
According to its self-reported version number and installed patches, the remote Cisco Identity Services Engine (ISE) application running on the remote device is affected by an unspecified flaw in the Admin portal that allows unauthorized access. An unauthenticated, remote attacker can exploit this...
Weapon of Mass Destruction: WMD
Weapon of Mass Destruction: This is a Python tool with a collection of IT security software. The software is encapsulated in “modules”. The modules consist of pure Python code and/or external third-party programs. Main functions: 1) To use a module, run the command “use modulecall”, e.g. “use apsniff...
imagemagick mogrify global buffer overflow Vulnerability
Exploit for Windows platform in category remote exploits. imagemagick identify suffers from a global buffer overflow issue, which I reported and has been patched; you can find a reproducer in the GitHub bug tracker issue link. issue: https://github.com/ImageMagick/ImageMagick/issues/280 patch:...
How to Move Replica Metadata
Purpose: This article documents the procedure for moving replica metadata between repositories. While moving the replica metadata is not required when changing which repository a replication job uses, moving the metadata will eliminate the need for a lengthy "calculating disk digest" task after th...
Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server is a set of e-mail service programs from Microsoft, which provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An information disclosure vulnerability exists in Microsoft Exchange Server. The vulnerability allows remote attackers to...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
Medium: openssl
Issue Overview: A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. CVE-2015-3194...
Debian DSA-3413-1 : openssl - security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL...
file: out of bounds read in mconvert()
An out-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file...