«
Expand/Collapse
269 items tagged "image"
Related tags:
paint shop pro image [+],
hacks [+],
application [+],
apple quicktime [+],
advanced [+],
adobe [+],
imagemagick [+],
gold [+],
disclosure [+],
yvs [+],
microsoft [+],
linux security [+],
irfanview [+],
image decompression [+],
flashpix [+],
faststone [+],
buffer [+],
arbitrary code execution [+],
wordpress [+],
windows bitmap [+],
tiff import [+],
selectapix [+],
openjpeg [+],
office [+],
microsoft photo editor [+],
mandriva [+],
image tile [+],
image file [+],
gif image format [+],
gallery 1 [+],
exploits [+],
cross site scripting [+],
adobe image [+],
vulnerability [+],
s image gallery [+],
photographer [+],
pcx image [+],
overflow vulnerability [+],
memory corruption [+],
jpeg [+],
image processing [+],
heap [+],
function [+],
bmp image [+],
amateur photographer [+],
xnview [+],
x window system [+],
x window [+],
webapps [+],
script [+],
narcissus [+],
memory [+],
free image [+],
file upload [+],
digital [+],
ziv welch [+],
zero day [+],
zero [+],
yabsoft [+],
tif [+],
third party [+],
taxonomy [+],
store [+],
stack overflow [+],
stack buffer [+],
spam image [+],
spam [+],
silverstripe [+],
search [+],
script version [+],
script sql [+],
root root [+],
rle [+],
remote shell [+],
raspberrypi [+],
pixlr [+],
perspective design [+],
perspective [+],
pdf [+],
overflow [+],
open source library [+],
multiple [+],
metasploit framework [+],
maxsite [+],
loop [+],
libexif [+],
jpeg 2000 [+],
jasper [+],
integer overflow [+],
insufficient checks [+],
inclusion [+],
image store [+],
image search engine [+],
image perspective [+],
image manager [+],
image load [+],
image host [+],
image function [+],
image editor [+],
graphic filter [+],
gold version [+],
format library [+],
forgery [+],
faststone image viewer [+],
drupal [+],
django [+],
design [+],
default [+],
decompression algorithm [+],
credentials [+],
crash proof [+],
configuration function [+],
conduit [+],
chunk size [+],
bmp [+],
automation [+],
ajax [+],
active x [+],
acdsee [+],
gimp [+],
based buffer overflow [+],
webkit [+],
web [+],
viscom [+],
user [+],
upload [+],
uninitialized [+],
txt [+],
svg [+],
steven j. murdoch tags [+],
sql [+],
remote [+],
process [+],
preferred image [+],
picture [+],
php [+],
pcx [+],
new image [+],
misc [+],
microsoft office documents [+],
microcontrollers [+],
maximillian dornseif [+],
internet [+],
integer overflow vulnerability [+],
information [+],
image pattern [+],
image manipulation software [+],
image base [+],
host [+],
hollowing [+],
gdip [+],
chaos communication congress [+],
change mail [+],
case [+],
cameras [+],
buffer overflows [+],
apple mac os x [+],
apple mac os [+],
ananda [+],
agent [+],
accelerometer [+],
4images image [+],
file [+],
buffer overflow vulnerability [+],
gallery [+],
image gallery [+],
code execution [+],
xss [+],
x ichat [+],
western suburbs [+],
web applications [+],
warns [+],
vulnerabilities [+],
video projector [+],
video [+],
vector displays [+],
usn [+],
update [+],
transfer [+],
track [+],
tiff library [+],
ti 84 emulator [+],
thessaloniki [+],
targa [+],
surface [+],
stefan cornelius [+],
sql injection [+],
space station [+],
softbiz [+],
soap film [+],
soap [+],
slider [+],
sip [+],
simulating [+],
simple [+],
server image [+],
server [+],
security vulnerabilities [+],
security case [+],
security [+],
scan lines [+],
scam [+],
samuel sargent [+],
safer use [+],
resizer [+],
realistic emulation [+],
psp image [+],
psp [+],
projector [+],
pov [+],
poc [+],
piwip [+],
pivotx [+],
piezo buzzer [+],
photoshopped [+],
panoramic image [+],
panoramic [+],
overhead projector [+],
omnitouch [+],
nikon [+],
news [+],
neal [+],
myimages [+],
music [+],
multitouch [+],
multiple buffer overflow [+],
mount olympus [+],
module [+],
megapixel image [+],
max msp [+],
max [+],
matrix clock [+],
matrix [+],
markus gritsch [+],
mail admin [+],
macro lens [+],
macro images [+],
macro [+],
mac [+],
logic error [+],
log [+],
light image [+],
light [+],
library [+],
lens [+],
krazy [+],
kolab groupware [+],
kevin finisterre [+],
interphoto [+],
international space station [+],
inline [+],
information disclosure [+],
imlib [+],
imageshack [+],
image upload [+],
image structures [+],
image resizer [+],
image projector [+],
image orientation [+],
image news [+],
image galleries [+],
image factory [+],
image dimensions [+],
image buffer [+],
image authentication system [+],
horde [+],
homeworlds [+],
hijacking [+],
hardware upgrade [+],
groupware server [+],
greece [+],
gray scale image [+],
graphing calculator [+],
gejosoft [+],
gallery management [+],
galleries [+],
free [+],
frame [+],
flood light [+],
film screen [+],
facebook [+],
eyeos [+],
emulator [+],
email [+],
dxl [+],
dupe [+],
djvu [+],
diy [+],
directory traversal vulnerability [+],
digital picture frame [+],
digital images [+],
digital image [+],
different colored pens [+],
dev [+],
denial of service [+],
dan rosenberg [+],
cve [+],
cur [+],
crt [+],
configuration [+],
concept [+],
clock [+],
chris mckenzie [+],
chris harrison [+],
checking [+],
chance [+],
calculator emulator [+],
calculator [+],
bugtraq [+],
breadboarding [+],
box [+],
blue marble [+],
blair [+],
bet [+],
bauble [+],
ball [+],
automated system [+],
authentication [+],
audio [+],
arbitrary code [+],
apple itunes [+],
apple [+],
aperture ring [+],
alien [+],
activex [+],
Software [+],
Hardware [+],
viewer [+],
gif [+],
mandriva linux [+],
tiff [+],
hosting [+],
red hat security [+],
day [+],
tiff image [+],
proof of concept [+],
image viewer [+],
gif image [+],
exchangeable image file format [+],
shell [+],
buffer overflow [+],
x internet,
vmware,
videoprojecteur,
treat,
stupid question,
secunia,
script v1,
research,
question,
projectors,
passwd,
merci,
memory information,
logic,
linux,
john,
information disclosure vulnerability,
hostos,
enabled,
dsa,
dr dos,
display,
disk image,
disk,
debutant,
debian linux,
daniel,
boot,
bmp jpeg,
bmp image files,
apple safari,
apple os x,
apple os,
absolute image,
Newbie,
Espace,
BackTrack,
Area
-
-
10:01
»
Hack a Day
You can leave the TI graphing calculator at home thanks to this web-based TI-83 and TI-84 emulator. As with pretty much all emulators, this depends on a ROM image from the actual hardware to work. But if you have one of the supported calculators (TI-83+, TI-83+ SE, TI-84+, or TI-84+SE) you can dump the image [...]
-
-
16:00
»
SecuriTeam
ACDSee PRO 5.1 CUR Image Processing suffers from heap overflow vulnerability
-
16:00
»
SecuriTeam
IrfanView 4.33 DJVU Image Processing is prone to a heap overflow vulnerability
-
-
16:00
»
SecuriTeam
Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data.
-
11:01
»
Hack a Day
Scaled down it’s not as obvious that this image isn’t a crystal clear rendering of Mortal Kombat gameplay. But we’ve linked it to the full size version (just click on the image) so that you can get a better look. Notice the scan lines? This is the result of an effort to more accurately mimic [...]
-
-
14:37
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
-
14:37
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
-
14:37
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
-
-
0:08
»
Packet Storm Security Exploits
Amateur Photographer's Image Gallery version 0.9a suffers from cross site scripting, remote file disclosure, and remote SQL injection vulnerabilities.
-
0:08
»
Packet Storm Security Recent Files
Amateur Photographer's Image Gallery version 0.9a suffers from cross site scripting, remote file disclosure, and remote SQL injection vulnerabilities.
-
0:08
»
Packet Storm Security Misc. Files
Amateur Photographer's Image Gallery version 0.9a suffers from cross site scripting, remote file disclosure, and remote SQL injection vulnerabilities.
-
-
10:32
»
SecDocs
Authors:
Maximillian Dornseif Steven J. Murdoch Tags:
covert channel Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Many files are being published on the Internet which hold unexpected (and potentially embarrassing) data. We examine different cases of hidden data in file formats (including Word, PDF and JPEG) and show examples of these from a crawl of the Internet. There is a growing trend to publish information on the Internet, rather than more conventional paper based distribution system. While this brings many benefits, complex document formats increase the risk of unintended document disclosure. A reasonably well known example is hidden information in Microsoft Office documents, in particular Word. These contain several items of potentially compromising hidden data. For example the GUID (Globally Unique IDentifier) allows different documents to be linked together, and allows the Ethernet address of the author to be derived. The revision history shows previous edits and links them to a name. Also even if revision tracking is turned off, the undo history can provide similar data. Likewise PDF documents contain metadata on the author and software used. Also since PDF can contain vector-based graphics, information not shown on the screen because it is obscured by a different object, may still exist in the file. This is a particular problem with redaction, where confidential information is covered with a black rectangle. If the redaction is performed in the PDF producer rather than editing the original image or text, then the redacted material remains in the file. While it will not be shown, the PDF file can be modified to reveal the data, or tools could be written to extract the data directly. Another potential leak of data is EXIF thumbnails in JPEG images. These are typically created by digital cameras or image manipulation software, but not all graphics programs will update them along with the main image. This results in edited images retaining the original version of the image in the thumbnail. In some cases this may only be inconvenient, such as rotated images showing the unrotated preview, but in other cases this could be a significant information leak. We performed an experiment of crawling the Internet for JPEG images and automated the process of identifying those whose thumbnail was significantly different from the main image. Our result was that almost 1% of JPEG had an incorrect EXIF thumbnail. While many were simple cropping, some were considerably more embarrassing. For example image manipulation was exposed since the thumbnail showed the original unmodified version, the source of a image could be seen despite the copyright notice being cropped out, a supposedly anonymised image showed the identity of the subject and in some cases by looking at the thumbnail, a partially nude photograph revealed more of the subject than originally intended. Our presentation will cover the issues with these formats and show real world incidents of compromising information leakage.
-
-
21:49
»
SecDocs
Authors:
Maximillian Dornseif Steven J. Murdoch Tags:
covert channel Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Many files are being published on the Internet which hold unexpected (and potentially embarrassing) data. We examine different cases of hidden data in file formats (including Word, PDF and JPEG) and show examples of these from a crawl of the Internet. There is a growing trend to publish information on the Internet, rather than more conventional paper based distribution system. While this brings many benefits, complex document formats increase the risk of unintended document disclosure. A reasonably well known example is hidden information in Microsoft Office documents, in particular Word. These contain several items of potentially compromising hidden data. For example the GUID (Globally Unique IDentifier) allows different documents to be linked together, and allows the Ethernet address of the author to be derived. The revision history shows previous edits and links them to a name. Also even if revision tracking is turned off, the undo history can provide similar data. Likewise PDF documents contain metadata on the author and software used. Also since PDF can contain vector-based graphics, information not shown on the screen because it is obscured by a different object, may still exist in the file. This is a particular problem with redaction, where confidential information is covered with a black rectangle. If the redaction is performed in the PDF producer rather than editing the original image or text, then the redacted material remains in the file. While it will not be shown, the PDF file can be modified to reveal the data, or tools could be written to extract the data directly. Another potential leak of data is EXIF thumbnails in JPEG images. These are typically created by digital cameras or image manipulation software, but not all graphics programs will update them along with the main image. This results in edited images retaining the original version of the image in the thumbnail. In some cases this may only be inconvenient, such as rotated images showing the unrotated preview, but in other cases this could be a significant information leak. We performed an experiment of crawling the Internet for JPEG images and automated the process of identifying those whose thumbnail was significantly different from the main image. Our result was that almost 1% of JPEG had an incorrect EXIF thumbnail. While many were simple cropping, some were considerably more embarrassing. For example image manipulation was exposed since the thumbnail showed the original unmodified version, the source of a image could be seen despite the copyright notice being cropped out, a supposedly anonymised image showed the identity of the subject and in some cases by looking at the thumbnail, a partially nude photograph revealed more of the subject than originally intended. Our presentation will cover the issues with these formats and show real world incidents of compromising information leakage.
-
-
6:00
»
Hack a Day
The image above shows Mount Olympus in the center, with a tiny bit of the western suburbs of Thessaloniki, the second largest city in Greece, in the lower right hand corner. These two points are 70 kilometers apart, but we’re not seeing a picture taken from the International Space Station. This is a picture from [...]
-
-
13:02
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1255-01 - The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
13:02
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1255-01 - The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
13:02
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1255-01 - The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
11:01
»
Hack a Day
The image you see above isn’t a simple photograph of our blue marble from thousands of miles above. No, that image is much cooler than a satellite because it’s a projection of the Earth onto a soap film screen. Yes, we can now display images on the surface of bubbles. Instead of a the soap [...]
-
-
19:54
»
Packet Storm Security Advisories
The Drupal Taxonomy Image third party module version 6.x suffers from arbitrary php code execution and cross site scripting vulnerabilities.
-
-
18:40
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-143 - Multiple vulnerabilities has been discovered and corrected in python-django. The django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting attacks via a data: URL. The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service by uploading an image file. The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service via a large TIFF image. The updated packages have been upgraded to the 1.3.3 version which is not vulnerable to these issues.
-
18:40
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-143 - Multiple vulnerabilities has been discovered and corrected in python-django. The django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting attacks via a data: URL. The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service by uploading an image file. The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service via a large TIFF image. The updated packages have been upgraded to the 1.3.3 version which is not vulnerable to these issues.
-
18:40
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-143 - Multiple vulnerabilities has been discovered and corrected in python-django. The django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting attacks via a data: URL. The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service by uploading an image file. The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service via a large TIFF image. The updated packages have been upgraded to the 1.3.3 version which is not vulnerable to these issues.
-
-
14:50
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
-
14:50
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
-
14:50
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
-
14:49
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
-
14:49
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
-
14:49
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
-
-
17:00
»
SecuriTeam
Image News slider plugin for WordPress is prone to multiple unspecified security vulnerabilities.
-
-
7:05
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-127 - A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. The updated packages have been patched to correct this issue.
-
7:05
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-127 - A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. The updated packages have been patched to correct this issue.
-
7:05
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-127 - A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. The updated packages have been patched to correct this issue.
-
-
17:24
»
Packet Storm Security Exploits
The RaspberryPi Occidentalis version 0.1 image spawns sshd by default without prompting users to change their credentials, leaving their systems accessible via root/root default credentials.
-
17:24
»
Packet Storm Security Recent Files
The RaspberryPi Occidentalis version 0.1 image spawns sshd by default without prompting users to change their credentials, leaving their systems accessible via root/root default credentials.
-
17:24
»
Packet Storm Security Misc. Files
The RaspberryPi Occidentalis version 0.1 image spawns sshd by default without prompting users to change their credentials, leaving their systems accessible via root/root default credentials.
-
-
21:56
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG , would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
-
21:56
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG , would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
-
21:56
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG , would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
-
13:01
»
Hack a Day
This digital picture frame physically rotates in order to match the image’s orientation. [Markus Gritsch] built the frame, including a Python script to translate the photos to a format which makes the best use of the 2.4″ LCD screen. The screen is addressed in 8-bit parallel by a PICÂ 32MX120F032B processor. Image are read from an [...]
-
-
18:26
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1068-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
18:26
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1068-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
18:26
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1068-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
12:18
»
Packet Storm Security Exploits
Silverstripe Pixlr Image Editor third party module version 1.0.4 suffers from an unauthenticated remote shell upload vulnerability.
-
-
10:01
»
Hack a Day
This image should look familiar to regular readers. It’s a concept that [Chris Harrison] has been working on for a while, and this hardware upgrade uses equipment which which we’re all familiar. The newest rendition, which is named the Omnitouch, uses a shoulder-mounted system for both input and output. The functionality is the same as [...]
-
-
7:36
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
-
7:36
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
-
7:36
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
-
-
12:29
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
-
-
13:04
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0544-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
-
13:04
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0544-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
-
13:03
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0545-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
-
13:03
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0545-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.
-
-
14:01
»
Hack a Day
This image contains a hidden audio track which you’re very familiar with. Well, it used to. We’d bet we messed up the careful encoding that [Chris McKenzie] used to hide data within an image when we resized the original. He’s using a method called Steganography to hide a message in plain sight. Since digital images [...]
-
-
7:14
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
-
7:14
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
-
7:14
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
-
10:21
»
Hack a Day
So we saw this tip come in and thought–oh, another POV device. We watched the video (embedded after the break), took a sip of coffee, then almost sprayed the beverage all over the computer when we realized that this uses a diy sensor to synchronize the POV image. [Ch00f] came up with the idea for [...]
-
-
10:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.
-
10:56
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.
-
10:56
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.
-
10:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .IFF image. While it tries to copy the image data from the RGBA chunk insufficient boundary checks are performed on a row counter which could lead to a heap overflow. This could result in remote code execution with the rights of the current user.
-
10:56
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .IFF image. While it tries to copy the image data from the RGBA chunk insufficient boundary checks are performed on a row counter which could lead to a heap overflow. This could result in remote code execution with the rights of the current user.
-
10:56
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .IFF image. While it tries to copy the image data from the RGBA chunk insufficient boundary checks are performed on a row counter which could lead to a heap overflow. This could result in remote code execution with the rights of the current user.
-
10:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-297 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .PCX image it creates a 32 bits loop counter based on the height and width of the image. It then enters a loop to copy data from the file in to a memory buffer, but the loop counter used in that function is only a 16 bit integer and as such can never reach the end of the loop when the max loop counter is bigger then 0xFFFF. Exploitation of this issue allows for remote code execution under the context of the user running the application.
-
10:56
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-297 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .PCX image it creates a 32 bits loop counter based on the height and width of the image. It then enters a loop to copy data from the file in to a memory buffer, but the loop counter used in that function is only a 16 bit integer and as such can never reach the end of the loop when the max loop counter is bigger then 0xFFFF. Exploitation of this issue allows for remote code execution under the context of the user running the application.
-
10:56
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-297 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .PCX image it creates a 32 bits loop counter based on the height and width of the image. It then enters a loop to copy data from the file in to a memory buffer, but the loop counter used in that function is only a 16 bit integer and as such can never reach the end of the loop when the max loop counter is bigger then 0xFFFF. Exploitation of this issue allows for remote code execution under the context of the user running the application.
-
-
14:52
»
Hack a Day
This odd-looking ball can automatically take a panoramic image whenever you throw it up into the air. Seriously, that’s then entire set of operating instructions for the device. Inside, a 3D printed frame hosts an array of 36 cellphone cameras, each capable of taking a two megapixel image. Also included is an accelerometer. When it [...]
-
-
6:49
»
Packet Storm Security Recent Files
Whitepaper called Process Hollowing. Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process. The idea is rather straight forward: a bootstrap application creates a seemingly innocent process in a suspended state. The legitimate image is then unmapped and replaced with the image that is to be hidden. If the preferred image base of the new image does not match that of the old image, the new image must be rebased. Once the new image is loaded in memory the EAX register of the suspended thread is set to the entry point. The process is then resumed and the entry point of the new image is executed.
-
6:49
»
Packet Storm Security Misc. Files
Whitepaper called Process Hollowing. Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process. The idea is rather straight forward: a bootstrap application creates a seemingly innocent process in a suspended state. The legitimate image is then unmapped and replaced with the image that is to be hidden. If the preferred image base of the new image does not match that of the old image, the new image must be rebased. Once the new image is loaded in memory the EAX register of the suspended thread is set to the entry point. The process is then resumed and the entry point of the new image is executed.
-
-
12:02
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-132 - Multiple vulnerabilities have been identified and fixed in pidgin. It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Various other issues were also addressed.
-
12:02
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-132 - Multiple vulnerabilities have been identified and fixed in pidgin. It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Various other issues were also addressed.
-
12:02
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-132 - Multiple vulnerabilities have been identified and fixed in pidgin. It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Various other issues were also addressed.
-
-
7:08
»
Packet Storm Security Exploits
WordPress Image Gallery with Slideshow plugin versions 1.5 and below suffer from remote SQL injection and shell upload vulnerabilities.
-
-
23:02
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0839-01 - The GIMP is an image composition and editing program. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
23:02
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-0839-01 - The GIMP is an image composition and editing program. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
23:02
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-0839-01 - The GIMP is an image composition and editing program. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
22:58
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0838-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
22:58
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-0838-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
22:58
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-0838-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
22:57
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0837-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
22:57
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-0837-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
22:57
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-0837-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
-
-
14:24
»
Hack a Day
[Samuel Sargent] built his own lens for making stacked macro images.This project, which was completed as part of his senior thesis, utilizes a Zeiss enlarger lens. The aperture ring was broken, making it difficult to tell how much light was being let into the camera. Instead of scrapping the whole thing he turned it around, [...]
-
-
13:01
»
Hack a Day
There’s a pretty good chance that you already have everything needed to make this image projector. We thought that yesterday’s video projector was simple, but this one makes it look like a super-computer in comparison. [Esrun] grabbed a flood light, some transparency film, and a common magnifying glass for use in his still-image project. This [...]
-
-
13:34
»
Packet Storm Security Advisories
Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
-
13:34
»
Packet Storm Security Recent Files
Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
-
13:34
»
Packet Storm Security Misc. Files
Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
-
13:18
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
-
13:18
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
-
13:18
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
-
-
14:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 993-1 - Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
8:57
»
Hack a Day
Normally when we feature a clock made with a 32×8 LED matrix we’d load up an image of the display for the banner photo. But this time around we were so impressed by [JB's] breadboard work we had to use this image. We see an ATmega168, three buttons, three LEDs, a piezo buzzer, 32.768 kHz [...]
-
-
12:01
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-166 - Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue.
-
12:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-166 - Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue.
-
-
4:36
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
GejoSoft Image Hosting Script Persistent XSS
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Image22 ActiveX v1.1.1 Buffer Overflow Exploit
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Ananda Image Gallery SQL Injection Vulnerabilty
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
DXL dev Image Hosting => upload shell
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
MyImages Image file manager => upload shell
-
-
1:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 954-1 - Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.
-
-
20:23
»
SecuriTeam
A vulnerability was discovered in imlib2, which can be exploited by malicious people to compromise an application using the library.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Ananda Image Gallery SQL Injection vulnerability
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Image Galleries PiwiP Remote File Inclusion Vulnerability
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
CF Image Host 1.1v Log with admin and password
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Email image upload Remote file Upload Vulnerability
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Image Store Remote file Upload Vulnerability
-
-
12:00
»
Hack a Day
This is an interesting take on a music box. [Blair Neal] is using an overhead projector with a roll of transparency to make a synthesized music box. A camera watches the projected image and feeds data to Max/MSP to produce the sounds. Customization merely requires creative image analysis. In this case, different colored pens or [...]
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution