23 matches found
EUVD-2025-24051
Malicious code in bioql PyPI...
WordPress GenerateBlocks plugin <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' vulnerability
Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' vulnerability discovered by Nishiv in WordPress Plugin GenerateBlocks versions <= 1.9.1...
Writing great alt text: Emotion matters
If you prefer videos to articles, there's an episode of HTTP 203 on this topic. Ok, on with the article… Good alt text means that screen reader users get the same 'meaning' from the page as a fully sighted user. But sometimes that's easier said than done. I recently got stuck trying to figure out...
Cross-site Scripting (XSS)
python-django-horizon is vulnerable to cross-site scripting (XSS). A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a...
python-django-horizon: XSS in client side template
A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
Document Title: Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1855. Release Date: 2016-06-05. Vulnerability Laboratory ID (VL-ID): ...
Facebook uses Artificial Intelligence to Describe Photos to Blind Users
Today the Internet has become dominated by images, and it’s the major feature that got Facebook to a Billion daily users. We can not imagine Facebook without photos, but for Millions of blind and visually impaired people, Facebook without photos has been the reality since its launch. But not now!...
Updated giflib packages fix security vulnerability
A heap-based buffer overflow vulnerability was found in giffix utility of giflib when processing records of the type 'IMAGE_DESC_RECORD_TYPE' due to the allocated size of 'LineBuffer' equaling the value of the logical screen width, 'GifFileIn->SWidth', while subsequently having 'GifFileIn->Image.Width...
giflib giffix heap buffer overflow vulnerability
giflib is a library and utility program for handling GIFs. A heap buffer overflow vulnerability exists in the giffix program when giflib processes records of type 'IMAGE_DESC_RECORD_TYPE'. An attacker could exploit this vulnerability to cause the affected program segment to fail...
[SECURITY] Fedora 20 Update: kphotoalbum-4.5-2.fc20
A photo album tool. Focuses on three key points: It must be easy to describe a number of images at a time. It must be easy to search for images. It must be easy to browse and view the images...
Memory corruption
Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file...
CVE-2011-0258
Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file...
Apple QuickTime Image Description Atom Sign
print " -----------BID 35166----------" print " w3bd3vil at gmail dot com" print "Apple QuickTime Image Description Atom Sign Extension Vulnerability PoC" print " -----------BID 35166----------" bytes = 0x00, 0x00, 0x00, 0x08, 0x77, 0x69, 0x64, 0x65, 0x00, 0x02, 0xD6, 0x48, 0x6D, 0x64, 0x61, 0x74...
Apple QuickTime Image Description Atom Sign Extension PoC
Exploit for unknown platform in category dos / poc. Apple QuickTime Image Description Atom Sign Extension PoC. Exploit: inj3ct0r.com/sploits/6880.py 0day.today 2018-04-05...
Apple QuickTime - Image Description Atom Sign Extension (PoC)
Apple QuickTime - Image Description Atom Sign Extension PoC print " -----------BID 35166----------" print " w3bd3vil at gmail dot com" print "Apple QuickTime Image Description Atom Sign Extension Vulnerability PoC" print " -----------BID 35166----------" bytes = 0x00, 0x00, 0x00, 0x08, 0x77, 0x69...
Apple QuickTime - Image Description Atom Sign Extension (PoC)
print " -----------BID 35166----------" print " w3bd3vil at gmail dot com" print "Apple QuickTime Image Description Atom Sign Extension Vulnerability PoC" print " -----------BID 35166----------" bytes = 0x00, 0x00, 0x00, 0x08, 0x77, 0x69, 0x64, 0x65, 0x00, 0x02, 0xD6, 0x48, 0x6D, 0x64, 0x61, 0x74...
CVE-2009-0955
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."...
Code injection
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."...
CVE-2009-0955
CVE-2009-0955 affects Apple QuickTime prior to 7.6.2 due to a sign-extension vulnerability in the Image Description Atom handling for Apple Video files. A remote attacker could entice a user to open a crafted QuickTime movie, triggering a memory corruption flaw that may lead to arbitrary code exe...
CVE-2009-0955
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."...