kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image...
CVE-2018-14614
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image...
Simple DirectMedia Layer SDL2_image Heap Buffer Overflow Vulnerability
Simple DirectMedia Layer is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software, and emulators. SDL2_image is a component used in it for parsing and displaying various image file formats. A heap buffer overflow vulnerability exists in th...
UBUNTU-CVE-2017-14442
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...
NASA CFITSIO 'ffghtb' function heap buffer overflow vulnerability
NASA CFITSIO is a FITS file subroutine library for reading and writing data files in FITS (Flexible Image Transfer System) format. A heap buffer overflow vulnerability exists in the 'ffghtb' function in NASA CFITSIO version 3.42. An attacker could exploit this vulnerability by sending a FIT image t...
Simple DirectMedia Layer SDL2_image Information Disclosure Vulnerability (CNVD-2018-08711)
Simple DirectMedia Layer is a cross-platform development library that provides low-level access to audio, keyboard, mouse, and graphics hardware devices, etc. via OpenGL and Direct3D. A security vulnerability exists in the PCX image rendering feature of Simple DirectMedia Layer SDL2_image-2.0.2. T...
FakeImageExploiter - Use a Fake image.jpg (hide known file extensions) to exploit targets
This module takes one existing image.jpg and one payload.ps1 input by user and builds a new payload agent.jpg.exe that if executed it will trigger the download of the 2 previous files stored into apache2 image.jpg + payload.ps1 and execute them. This module also changes the agent.exe Icon to matc...
The vulnerability of the GIF loader in the imlib2 library allows a hacker to trigger a service failure or gain access to confidential data.
The vulnerability of the imlib2 GIF library loader exists due to a read buffer overflow error. Exploiting this vulnerability can allow an attacker to cause service failures or gain access to confidential data using a specially created GIF image...
BIOS Code Execution Vulnerability in Multiple Lenovo Products
The Lenovo 320-17AST and others are computer products from the Chinese company Lenovo. BIOS is a basic input/output system. A security vulnerability exists in the BIOS of several Lenovo products, which stems from the program's failure to properly configure write protection. The...
The vulnerability of the imlib2 graphic library, caused by integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the imlib2 graphic library for 32-bit platforms arises from integer overflows that cause memory writes beyond the boundaries of the memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created large-sized image...
UBUNTU-CVE-2017-7598
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image...
CVE-2016-3991
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles...
CVE-2016-6292
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image...
DEBIAN-CVE-2013-7447
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large...
Weak passwords in numerous Yonyou Software management systems (affecting company FTP/customer information/work logs/service logs)
Brief description: Yonyou Software Detailed description: Account Password callcenter callcenter admin sqbbagdp Admin URLs http://vip.ufida.com.cn/nccsm/ http://nczx.yonyou.com/SubModule/role/ Directory traversal http://nczx.yonyou.com/Inc/ Internal FTP Intranet: ftp://192.168.8.86 Internet: ftp://125.35.5.232 ncservice ncservice2015 Proof of vulnerability: img...
CVE-2015-3395
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...
Generic SQL injection vulnerability in a non-book materials management system
Brief description: Detailed description: Manufacturers: http://www.metadata.com.cn/ Hangzhou Maida Electronics Co., Ltd. (杭州麦达电子有限公司) SQL Injection: /poweb/Ip.do?method=addIp&schoolid= The schoolid parameter is injectable Case: http://59.74.114.252:84/poweb/Ip.do?method=addIp&schoolid=301041 http://219.222.177.236:8080/poweb/Ip.do?method=addIp&schoolid=281041...
EUVD-2014-3618
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execut...
BlackBerry Enterprise Servers vulnerable to TIFF Image based Exploit
If you are a BlackBerry Enterprise Network user, here is something you need to be careful about. BlackBerry Enterprise Server (BES) users have been warned that an image-based exploit could allow hackers to access and execute code on the servers used to support corporate users of BlackBerry...
CVE-2009-2295
Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function...