16 matches found
IrfanView JLS Formats PlugIn Heap Overflow
No description provided by source. Summary ======= IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin jpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a...
XnView 1.99.1 JLS File Decompression Heap Overflow
No description provided by source. SUMMARY XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent...
Realplayer Watchfolders Long Filepath Overflow
Realplayer Watchfolders Long Filepath Overflow Realplayer is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility CVE-2012-4987. Details here: http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html Research:...
XnView 1.99.1 - .JLS File Decompression Heap Overflow
XnView 1.99.1 - .JLS File Decompression Heap Overflow SUMMARY XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a...
XnView 1.99.1 - '.JLS' File Decompression Heap Overflow
SUMMARY XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute...
MF Gig Calendar Wordpress Plugin - Cross-Site Scripting
/--------------------------------------------------------- | MF Gig Calendar Wordpress Plugin - Cross-Site Scripting | ---------------------------------------------------------/ Summary ======= MF Gig Calendar 0.9.2 is subject to a cross-site scripting vulnerability. The value of a generic...
Group Office Calendar - calendarjson.php SQL Injection
Group Office Calendar - calendarjson.php SQL Injection /-------------------------------------\ | Group-Office Calendar SQL Injection | -------------------------------------/ Summary ======= Versions of Group-Office a web app for online collaboration prior to 4.0.90 are subject to a SQL injection...
Group-Office Cleartext Credentials Stored in Cookies
/------------------------------------------------------ | Group-Office Cleartext Credentials Stored in Cookies | ------------------------------------------------------/ Summary ======= Group-Office 4.0.71 was found to display a behaviour that could potentially expose a user's username and clearte...
TCExam Edit SQL Injection
/--------------------------- | TCExam Edit SQL Injection | ---------------------------/ Summary ======= TCExam 11.3.007 is prone to a SQL injection flaw located in tceeditanswer.php and tceeditquestion.php. These files pass a 'subjectmoduleid' parameter into a SQL statement without satisfactory...
TCExam 11.3.007 Cross Site Scripting
/----------------------------------\ | TCExam Edit Cross-Site Scripting | ----------------------------------/ Summary ======= TCExam 11.3.007 is subject to a cross-site scripting vulnerability. A 'questionsubjectid' parameter is not sufficiently sanitised before being written to the...
IrfanView JLS Formats PlugIn - Heap Overflow
IrfanView JLS Formats PlugIn - Heap Overflow Summary ======= IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin jpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, ...
GIMP 2.8.0 - .FIT File Format Denial of Service
GIMP 2.8.0 - .FIT File Format Denial of Service Summary ======= There is a file handling DoS in GIMP the GNU Image Manipulation Program for the 'fit' file format affecting all versions Windows and Linux up to and including 2.8.0. A file in the fit format with a malformed 'XTENSION' header will...
script-fu buffer overflow in GIMP 2.6
Vulnerability Summary ================= There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu serv...
GIMP 2.6 script-fu < 2.8.0 Buffer Overflow Vulnerability
No description provided by source. There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu server...
GIMP 2.6 script-fu 2.8.0 - Buffer Overflow (PoC)
GIMP 2.6 script-fu 2.8.0 - Buffer Overflow PoC / There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the...
GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC)
/ There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu server overflows a buffer and overwrites...