This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
94d1b02973615daa0c50e2dd0f511b93Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by an error in the authentication mechanism of the NNTP server. This can be exploited to bypass the authentication process and execute commands intended for authenticated users only by sending an "AUTHINFO USER" command without a following "AUTHINFO PASS" command. Versions 2.4.10 and 2.4.11 are affected.
bdc245287c58d035977407b17f525b1bSecunia Research has discovered a vulnerability in KDE Okular, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error within the RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/unpluck/image.cpp. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDB file. Version 4.4.5 is affected.
4206064fb3450a30a10689d42f8e9717Secunia Research has discovered three integer overflow vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. Version 2.6.7 is affected.
edd8180baf4f75f6b26ee4e642069834Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the "getPNG()" function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the "jpeg_load()" function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.
449024581463936d88d1336bcdf8f8cdSecunia Research has discovered two vulnerabilities in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system. An integer overflow within the "jpg2bitmap()" function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted JPG images. An integer overflow within the "png2bitmap()" function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. Ziproxy version 3.0.0 is affected.
e4aabda878242182c10ebbe6fb429698Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 3.0.0.4 and 3.0.0.5. Other versions may also be affected.
9bf1696f33e4255c295cdf8d7557b96cSecunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected.
8a22c61c138639b9792910d307904f0dSecunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user's system. The "name" attribute of the "file" element of metalink files is not properly sanitised before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Free Download Manager version 3.0 build 850 is affected.
6a6ed6b4d16c3e2e5da57f216df52d68Secunia Research has discovered four vulnerabilities in Free Download Manager, which can be exploited by malicious people to compromise a user's system. Free Download Manager version 3.0 build 850 is affected.
e4107f8f7aff093286d9da965cbb3133Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to KGet not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. KDE version 4.4.2 is affected.
3305045279517e7f1a37b710180a597dSecunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused by KGet downloading files without the user's acknowledgment, overwriting existing files of the same name when displaying a dialog box that allows a user to choose the file to download out of the options offered by a metalink file. KDE version 4.4.2 is affected.
a18d2589a2ed398500a429606f2e9904Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing certain RLE compressed PSD images and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.
c459eb16eb6d204e377978b43457b810Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when processing certain PSD images, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.
1d02a239b656c9b47420d49aa0503894Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when sending certain test sequences to an FTP server. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading a file from a specially crafted FTP URI. Successful exploitation allows execution of arbitrary code. Internet Download Manager version 5.18 is affected.
3c4375824800f2b5512b3eddcbc4331bSecunia Research has discovered a vulnerability in imlib2, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a logic error within the "IMAGE_DIMENSIONS_OK()" macro in src/lib/image.h. This can be exploited to cause heap-based buffer overflows via e.g. specially crafted ARGB, XPM, and BMP image files.
7c12c62fa341ea3a6ab8bc44b2a0f180Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected.
06aae772fe010c07ca5d04fd20ac13e2Secunia Research has discovered a vulnerability in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a boundary error within the "GetUID()" function in src-IL/src/il_dicom.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file in an application using the library. The vulnerability is confirmed in version 1.7.8. Other versions may also be affected.
58714520d3876effb9f18755329c2f3dSecunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.
386e572c3ff9889366d1e2085c1d0e06Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "ReadImage()" function in plug-ins/file-bmp/bmp-read.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted BMP file. Version 2.6.7 is affected.
3dabb0a7395d955c0d3e07a1ba13e642Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in version 4.22, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.
176a384654d3a2af79e25045ad3ab1b2Secunia Research has discovered some buffer overflows ksquirrel-libs, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "mt_codec::getHdrHead()" function in kernel/kls_hdr/fmt_codec_hdr.cpp, which can be exploited to cause stack-based buffer overflows by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Version 0.8.0 is affected.
2d62b3f35db85dee2a1ad160a43353b7Secunia Research has discovered a vulnerability in SHOUTcast DNAS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when receiving data from a relay master server. This can be exploited to overflow a static buffer by tricking a SHOUTcast admin into setting up a server to act as relay for a malicious server. Successful exploitation allows to e.g. overwrite the password of the web administration interface. Version 1.9.8 is affected.
4f013be57abc3ad84ed62019f85a0932Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when generating the "Connecting" log message for HTTP downloads. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading from a malicious HTTP server or opening a specially crafted HTTP URL containing an overly long host name. Successful exploitation allows execution of arbitrary code. Orbit Downloader versions 2.8.2 and 2.8.3 are vulnerable.
1549f884d3cbf6fade719a7e7dbf7df9Secunia Research has discovered a vulnerability in OpenSG, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "HDRImageFileType::checkHDR()" function in Source/System/Image/ OSGHDRImageFileType.cpp, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Successful exploitation allows execution of arbitrary code.
0067bce449d99bdc3c90ab7a2e162950
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed