Asterisk Audio Transcoding DoS Vulnerability (AST-2019-005)

Asterisk is prone to a denial of service vulnerability in audio transcoding. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

asterisk -- Remote Crash Vulnerability in audio transcoding

The Asterisk project reports: When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which...

Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037

This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats. The module doesn't sufficiently sanitize some user input on administrative forms...

Subsonic cross-site scripting vulnerability (CNVD-2018-20096)

Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. A cross-site scripting vulnerability exists in the settings of the translation code in Subsonic version 6.1.1. A remote attacker can exploit the vulnerability by sending multiple parameters to t...

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

CVE-2018-14689

Subsonic 6.1.1 is affected by five stored cross‑site scripting vulnerabilities in transcodingSettings.view parameters (name[x], sourceformats[x], targetFormat[x], step1[x], step2[x]). Impact: potential to steal session information of a victim. Root cause: stored XSS in the transcoding settings. A...

QNAP QTS 'Media Library' Command injection Vulnerability

QNAP QTS is prone to a command execution vulnerability. This VT was deprecated since it is a duplicate of QNAP NAS SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Remote code execution

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port...

CVE-2017-13067

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port...

CVE-2017-13067

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port...

FFmpeg remote file stealing vulnerabilities – moving end of the safety analysis report-vulnerability warning-the black bar safety net

0x1 vulnerability of origin FFmpeg remote file stealing vulnerabilities original source is Foreign vulnerability of the platform,the last year has been in the CTF match is used. Official in January of this year released the fixed version and published the vulnerability number CVE-2 0 1 6-1 8 9...

SSRF vulnerability of the mining experience-the vulnerability warning-the black bar safety net

SSRF overview SSRFServer-Side Request Forgery:server side request forgery is a by the attacker structure is formed by the service terminal initiating the request of a security vulnerability. Under normal circumstances, the SSRF attack the target from outside the network cannot access the internal...

Updated xbmc package fixes a security vulnerability

Due to flaws in the embedded copy of libDCR, a fork of dcraw.c, in the embedded copy of CxImage, opening a specially crafted photo file could trigger a division by zero, an infinite loop, or a null pointer dereference, resulting in a denial of service CVE-2013-1438. This update fixes those flaws...

Microsoft Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabilities (2740358)

This host is missing a critical security update according to Microsoft Bulletin MS12-058. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

cups security and bug fix update

1:1.3.7-30 - Backported patch to fix transcoding for ASCII bug 759081, STR 3832. 1:1.3.7-29 - The imageto filters could crash with bad GIF files CVE-2011-2896, STR 3867, STR 3914, bug 752118. 1:1.3.7-28 - Web interface didn't show completed jobs for printer STR 3436, bug 625900 - Serial backend...

cups security and bug fix update

1.4.2-44 - Init script should source /etc/sysconfig/cups bug 744791 1.4.2-43 - The scheduler might leave old job data files in the spool directory STR 3795, STR 3880, bug 735505. 1.4.2-42 - A further fix for imageto filters crashing with bad GIF files STR 3914, bug 714118. 1.4.2-41 - The imageto...

XSS 0DAY-vulnerability warning-the black bar safety net

See dream light out! I also do not hide! 1 0 On 7, When I sent the logs,prompting everyone! Here was the last issued byXSS WORM beginning to try to continue it. Actually very simple,is two times the transfer code. DIV STYLE="background-image: urljavascript:var XmlHttp=new ActiveXObject"Microsoft...