CVE-2017-11464
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. Date published :...
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. Date published : 2017-07-19 https://blogs.securiteam.com/index.php/archives/3317#more-3317
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. Date published : 2017-07-19 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867894...
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. Date published : 2017-07-19 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867893 https://github.com/ImageMagick/ImageMagick/commit/f6463ca9588579633bbaed9460899d892aa3c64a
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. Date published : 2017-07-19 http://www.securityfocus.com/bid/99948 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867897
The ReadPESImage function in coders/pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. Date published : 2017-07-19 http://www.securityfocus.com/bid/99964 https://github.com/ImageMagick/ImageMagick/issues/537
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. Date published : 2017-07-19 https://github.com/intelliants/subrion/issues/480
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. Date published : 2017-07-19 https://github.com/intelliants/subrion/issues/479
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. Date...
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. Date published : 2017-07-19 https://packetstormsecurity.com/files/143357/Sitecore-CMS-8.2-Cross-Site-Scripting-File-Disclosure.html https://xc0re.net/2017/07/03/sitecore-cms-v-8-2-multiple-vulnerabilties/
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. Date published : 2017-07-19 https://packetstormsecurity.com/files/143357/Sitecore-CMS-8.2-Cross-Site-Scripting-File-Disclosure.html https://xc0re.net/2017/07/03/sitecore-cms-v-8-2-multiple-vulnerabilties/
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. Date published : 2017-07-19 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_RELEASE_NOTES_20.12PTB04.pdf http://www.rootlabs.com.br/backdoor-dlink-dir-615/
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose...