Digital Publications by Supsystic <= 1.6.11 - Authenticated Stored Cross-Site Scripting (XSS)

When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input. v1.6.11 attempted to fix the issue by using sanitizetextfield, however the output i...

Duf - Disk Usage/Free Utility (Linux, BSD, macOS & Windows)

Disk Usage/Free Utility Linux, BSD, macOS & Windows Features User-friendly, colorful output Adjusts to your terminal's width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf...

Qualcomm Qualcomm Graphics Buffer Error Vulnerability

Qualcomm Graphics is a graphics support firmware for use on processors from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Graphics, which arises from an out-of-bounds memory access that occurs when calculating a negative width alignment requirement for an external...

CVE-2020-27756

In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses...

CVE-2020-27756

In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses...

CVE-2020-13893

Multiple stored cross-site scripting XSS vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations Best-fit Mapping, as demonstrated by the full-width variants of the less-than sign...

Arbitrary Code Execution

Teeworlds is vulnerable to arbitrary code execution. An integer overflow in CMap::Load in engine/shared/map.cpp allows an attacker to execute arbitrary code on the host OS via a buffer overflow from the mishandling of the multiplication of width and height...

Change WordPress Login Logo < 1.1.5 - Authenticated Stored Cross-Site Scripting

The height, and width fields used to update the custom logo was found to be vulnerable to stored XSS, as they did not sanitize user input properly before publishing the changes. It is triggered when a user loads the login page. PoC Set the following payload as Height or Width in the plugin's...

CSS Injection

Overview chartkick is a Ruby gem that allows creation of JavaScript charts. Affected versions of this package are vulnerable to CSS Injection. Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...

Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords

StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other...

CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690...

DEBIAN-CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690...

poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths...

ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled

A heap-based buffer over-read was discovered in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood due to a width of zero mishandle error. Applications compiled against ImageMagick libraries that accept...

libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function

A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. The highest threat from this vulnerability is to system availability...

CVE-2020-10251

In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image...

ImageMagick Out-of-Bounds Read Vulnerability

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. An out-of-bounds read vulnerability exists in the ReadHEICImageByID function in codersheic.c in ImageMagick 7.0.9. An attacker can exploit this vulnerability to cause a...

Huawei EulerOS: Security Advisory for netpbm (EulerOS-SA-2019-2426)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

curl: Division by zero if terminal width is 2

Summary: In fly there will be a division by zero if progress bar width is 2. That can happen if terminal width is 2. Steps To Reproduce: This script crash: stty rows 10 cols 2 ; curl --progress-bar somefile temp Impact I believe that if it's possible to set terminal width for a service, then that...

EulerOS 2.0 SP3 : giflib (EulerOS-SA-2019-2587)

According to the versions of the giflib package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service program crash via crafted image an...