The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. Date published : 2017-07-30 https://github.com/ImageMagick/ImageMagick/issues/628
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. Date published : 2017-07-30 https://github.com/ImageMagick/ImageMagick/issues/631
The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Date published : 2017-07-30 https://github.com/ImageMagick/ImageMagick/issues/632
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. Date published : 2017-07-30 http://blog.pentest.space/2017/07/023-ftp-commander-802-unsafe-dll.html
VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file. Date published : 2017-07-30 http://blog.pentest.space/2017/07/spider-player-253-unsafe-dll-loading.html
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for...
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a...
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this...
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted...
The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a ‘!2’ string. Date published : 2017-07-30 https://security.gentoo.org/glsa/202007-14...
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page. Date published : 2017-07-29 https://github.com/vstakhov/rspamd/issues/1738 https://github.com/vstakhov/rspamd/releases/tag/1.6.3
SQL injection vulnerability in coreadminauto-modulesformsprocess.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. Date published : 2017-07-29 https://github.com/bigtreecms/BigTree-CMS/issues/304
A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Date published : 2017-07-29 https://security.gentoo.org/glsa/201904-24 http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in_24.html
A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Date published...