imagemagick/crop_fuzzer: Strcpy-param-overlap in LibRaw::identify

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=6194991601811456 Project: imagemagick Fuzzer: libFuzzerimagemagickcropfuzzer Fuzz target binary: cropfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of param values under non-AJAX implementations of AbstractMenu such as in BaseMenuRenderer...

CVE-2017-17454

Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting XSS vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid...

Twig < 2.4.4 - Server Side Template Injection

Vulnerability details: Exploit Title: Twig Output: 16 2. POC: http://localhost/search?searchkey=44 OUTPUT: 4 http://localhost/search?searchkey=ls OUTPUT: list of files/directories etc…...

gstreamer/gst-discoverer: Negative-size-param in gst_buffer_fill

Project: https://anongit.freedesktop.org/git/gstreamer/gstreamer Detailed report: https://oss-fuzz.com/testcase?key=5822394796081152 Project: gstreamer Fuzzer: libFuzzergstreamergst-discoverer Fuzz target binary: gst-discoverer Job Type: libfuzzerasangstreamer Platform Id: linux Crash Type:...

imagemagick/encoder_psd_fuzzer: Negative-size-param in CopyMagickMemory

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=6608366026620928 Project: imagemagick Fuzzer: aflimagemagickencoderpsdfuzzer Fuzz target binary: encoderpsdfuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

libreoffice/hwpfuzzer: Negative-size-param in HMemIODev::readBlock

Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=4891144551923712 Project: libreoffice Fuzzer: libFuzzerlibreofficehwpfuzzer Fuzz target binary: hwpfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type: Negative-size-para...

imagemagick/encoder_psd_fuzzer: Negative-size-param in CopyMagickMemory

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5076161005617152 Project: imagemagick Fuzzer: aflimagemagickencoderpsdfuzzer Fuzz target binary: encoderpsdfuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

Command Execution Vulnerability in the set_param Program of the Pelco Sarix Pro Network Camera

pelco Sarix Professional is a video camera. A command execution vulnerability exists in the pelco Sarix Pro network camera setparam program. The vulnerability is caused due to the program not performing security checks on user-submitted parameters, allowing an attack to take full control of the...

ffmpeg: Memcpy-param-overlap in xan_wc3_copy_pixel_run

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=6393461273001984 Project: ffmpeg Fuzzer: libFuzzerffmpegAVCODECIDXANWC3fuzzer Fuzz target binary: ffmpegAVCODECIDXANWC3fuzzer Job Type: libfuzzerasanffmpeg Platform Id: linux Crash Type:...

open62541: Negative-size-param in UA_SecureChannel_processChunk

Project: https://github.com/open62541/open62541.git Detailed report: https://oss-fuzz.com/testcase?key=5797976103452672 Project: open62541 Fuzzer: libFuzzeropen62541fuzzbinarymessage Fuzz target binary: fuzzbinarymessage Job Type: libfuzzerasanopen62541 Platform Id: linux Crash Type:...

WordPress WPHRM plugin <= 1.0 - Authenticated SQL Injection

WordPress WPHRM plugin Authenticated SQL Injection allows an attacker to inject SQL commands via the employeeid $GET param. Solution Update the plugin...

PT-2017-3367 · Zivif · Zivif Pr115-204-P-Rs

Name of the Vulnerable Software and Affected Versions: Zivif PR115-204-P-RS version V2.3.4.2103 Description: The issue is related to errors in handling registration data in the webcam's software. It allows a remote attacker to obtain user credentials using the HTTP request...

gdal: Negative-size-param in DDFSubfieldDefn::ExtractStringData

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5663860470054912 Project: gdal Fuzzer: libFuzzergdalogrsdtsfuzzer Fuzz target binary: ogrsdtsfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash...

llvm_libcxxabi: Negative-size-param in __cxxabiv1::NodeArray __cxxabiv1::Db::makeNodeArray<std::__1::__wrap_iter<__cxxa

Project: https://github.com/llvm/llvm-project.git Detailed report: https://oss-fuzz.com/testcase?key=4630402486501376 Project: llvmlibcxxabi Fuzzer: libFuzzerllvmlibcxxabicxademanglefuzzer Fuzz target binary: cxademanglefuzzer Job Type: libfuzzerasanllvmlibcxxabi Platform Id: linux Crash Type:...

CVE-2017-11585

dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection...

FineCms Remote Code Execution Vulnerability

FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. A remote code execution vulnerability exists in FineCms version 5.0.9. A remote attacker can exploit this vulnerability to execute arbitrary PHP code with the help of the 'param' function in th...

CVE-2017-11585

CVE-2017-11585 affects dayrui FineCMS 5.0.9 with remote PHP code execution through the param parameter in an action=cache request to libraries/Template.php, described as Eval Injection. The vulnerability allows an attacker to inject and execute arbitrary PHP code on the server. Exploitation and e...

gdal: Negative-size-param in CheckCitationKeyForStatePlaneUTM

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5440880817209344 Project: gdal Fuzzer: libFuzzergdalgtifffuzzer Fuzz target binary: gtifffuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State:...

gdal: Negative-size-param in NTFRecord::GetField

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4813983888441344 Project: gdal Fuzzer: libFuzzergdalshapefuzzer Fuzz target binary: shapefuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State:...