CVE-2017-1440
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow...
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function...
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution....
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. Date published...
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact....
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. Date published : 2017-08-30 https://crushftp.com/version7.html https://crushftp.com/version8.html
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Date published : 2017-08-30 https://crushftp.com/version7.html https://crushftp.com/version8.html
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. Date published : 2017-08-30 https://crushftp.com/version7.html https://crushftp.com/version8.html
CrushFTP 8.x before 8.2.0 has a serialization vulnerability. Date published : 2017-08-30 https://crushftp.com/version8.html
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was...
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. Date published : 2017-08-30 https://github.com/EyesOfNetworkCommunity/eonweb/issues/8
Fiyo CMS 2.0.7 has XSS in dapurappsapp_configsys_config.php via the site_name parameter. Date published : 2017-08-30 https://github.com/FiyoCMS/FiyoCMS/issues/8
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and...
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and...