Monthly Archive: August 2017

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a...

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a...

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len"...

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. Date...

In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. Date published : 2017-08-31 https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE3/blackcat_cms_RCE3.md

In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. Date published : 2017-08-31 https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_xss/blackcat_cms_xss.md

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. Date published : 2017-08-31 https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE2/blackcat_cms_RCE2.md

Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. Date published : 2017-08-31 http://packetstormsecurity.com/files/143949/VX-Search-Enterprise-10.0.14-Buffer-Overflow.html

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. Date published : 2017-08-31 https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE/blackcat_cms_RCE.md

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1)...

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls....

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. Date published : 2017-08-31 http://www.securityfocus.com/bid/100580 https://www.debian.org/security/2017/dsa-3966

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. Date published : 2017-08-31 http://www.securityfocus.com/bid/100579 https://www.debian.org/security/2017/dsa-3966

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. Date published : 2017-08-31 http://www.securityfocus.com/bid/100576 https://www.debian.org/security/2017/dsa-3966