Monthly Archive: December 2017

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. Date published :...

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. Date published : 2017-12-23 http://www.securityfocus.com/bid/102317 https://github.com/ImageMagick/ImageMagick/issues/907

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. Date published : 2017-12-23 http://www.securityfocus.com/bid/102305 https://github.com/ImageMagick/ImageMagick/issues/906

An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting). Date published : 2017-12-23 https://blogger.davidmanouchehri.com/2017/12/steam-link-security-truncated-password.html...

An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless...

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. Date...

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. Date published : 2017-12-23 https://www.exploit-db.com/exploits/43316/

The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. Date published : 2017-12-23 https://www.exploit-db.com/exploits/43330/

The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. Date published : 2017-12-23 https://www.exploit-db.com/exploits/43329/

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. Date published : 2017-12-23 https://www.exploit-db.com/exploits/43323/ https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection

The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. Date published : 2017-12-23 https://cxsecurity.com/issue/WLB-2017120183

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. Date published : 2017-12-23 https://cxsecurity.com/issue/WLB-2017120169

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash)...

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."...