An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. Date published : 2018-02-25 https://github.com/ImageMagick/ImageMagick/issues/998
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value. Date published : 2018-02-25 https://www.exploit-db.com/exploits/44226/ https://www.exploit-db.com/exploits/44349/
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. Date published : 2018-02-24 http://www.securityfocus.com/bid/103202 http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. Date published :...
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9...
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. Date published : 2018-02-24 https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. Date published : 2018-02-24 https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. Date published :...
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. Date published : 2018-02-24 https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator. Date published : 2018-02-24 https://github.com/Piwigo/Piwigo/issues/839 https://pastebin.com/tPebQFy4
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. Date published : 2018-02-23 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658 https://bugzilla.redhat.com/show_bug.cgi?id=881399
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Date published : 2018-02-23 https://www.exploit-db.com/exploits/33159/
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of ‘!~@##$$%FREDESWWSED’ for a backdoor user. Date published : 2018-02-23 https://www.exploit-db.com/exploits/33159/
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView. Date published : 2018-02-23 https://github.com/jgraph/mxgraph/issues/124 https://lists.debian.org/debian-lts-announce/2018/03/msg00002.html