Monthly Archive: July 2017

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) — however, this is insufficient to stop remote attacks and can be bypassed by...

A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network...

An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to...

NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. Date published : 2017-07-26 http://118.89.230.52/about/details.docx

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. Date published : 2017-07-26 http://www.securityfocus.com/bid/100014 https://github.com/ImageMagick/ImageMagick/issues/587

GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. Date published : 2017-07-26 http://www.securityfocus.com/bid/100357 http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71

GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. Date published : 2017-07-26 http://www.securityfocus.com/bid/100395 http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9

GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. Date published : 2017-07-26 http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318 https://www.debian.org/security/2018/dsa-4321

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. Date published : 2017-07-26 http://www.securityfocus.com/bid/99989 https://github.com/ImageMagick/ImageMagick/issues/584

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. Date published : 2017-07-26...

GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. Date published : 2017-07-26 http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9 https://www.debian.org/security/2018/dsa-4321

GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. Date published : 2017-07-26 http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257 https://www.debian.org/security/2018/dsa-4321

GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. Date published : 2017-07-26 http://www.securityfocus.com/bid/99978 http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c

dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. Date published : 2017-07-26 https://github.com/FiyoCMS/FiyoCMS/issues/7