CVE-2019-14295
An integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...
The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system allows a hacker to trigger a service failure.
The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system is related to errors in buffer offset calculations, which lead to the displacement of uninitialized memory areas. Exploiting this vulnerability could allow a remote attacker to cau...
ACDSee Free User Mode Write Access Conflict Vulnerability (CNVD-2019-24227)
ACDSee is an image manager, viewer and editor program for Windows, macOS and iOS developed by ACD Systems International. ACDSee Free is the free version of ACDSee. ACDSee Free 1.1.21 suffers from a user mode write access conflict vulnerability starting at IDEACDStd!JPEGTransW+0x00000000000024ed. A...
ALPINE-CVE-2019-13108
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset...
CVE-2019-13109
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction...
Vulnerability of the start_TA_task function (at an offset of 0x137F7C) in the TEE OS Trusted Core component of the operating system’s SMC handler. This vulnerability allows a malicious actor to trigger a service failure in the Huawei Mate 9 Pro mobile phone’s microprogramming system.
The vulnerability of the start_TA_task function with an offset of 0x137F7C in the SMC handler of the operating system TEE OS Trusted Core in the microprogramming environment of the Huawei Mate 9 Pro mobile phone is related to the assignment of an untrusted pointer. Exploiting this vulnerability can...
CVE-2018-7843
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus...
Denial Of Service (DoS)
PHP is vulnerable to denial of service (DoS). The vulnerability exists when parsing a file with an indirect offset value...
CVE-2019-11592
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php...
Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters
This tool can be used to brute discover GET and POST parameters. Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them. The -off flag allows you to specify...
CVE-2019-10897
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance...
Router stack overflow exploitation: configuring the reverse shell payload
The previous article covered how the ROP chain is constructed and how execve is finally called directly so that the shellcode gets a shell, but an overflow in an actual router is not that simple. Here we look at one of the DVRF challenges together; this challenge is...
PHP Uninitialized Read Vulnerability (CNVD-2019-24792)
PHP is a general-purpose open source scripting language. The syntax absorbs the characteristics of the C language, Java and Perl, easy to learn, widely used, mainly in the field of Web development. An uninitialized read vulnerability exists in exifprocessIFDinMAKERNOTE in the EXIF component ...
CVE-2019-9638
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...
UBUNTU-CVE-2019-9638
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...
Time not getting sync on XenServer with NTP
High NTP offset and jitter while delay is low. This can be seen with "ntpq -p". Offset is the time difference between the local server and remote. Jitter is the difference between the last and current offset measurements, thus if it is high, it means that the offset is increasing more over time...
CVE-2018-19020
When CX-Supervisor Versions 3.42 and prior processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array...
Code injection
When CX-Supervisor Versions 3.42 and prior processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array...