The libquicktime package contains the libquicktime library, various plugins and codecs, along with graphical and command line utilities used for encoding and decoding QuickTime files. This is useful for reading and writing files in the QuickTime format. The goal of the project is to enhance the library while remaining compatible with the Quicktime 4 Linux library. The quicktime_read_moov function in moov.c in libquicktime 1.2.4 can cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 can cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file. The cr_parser_parse_selector_co function in cr-parser.c in libcroco 0.6.12 can cause a denial of service (infinite loop) via a crafted CSS file.
This exploit targets a privilege escalation vulnerability in the Diskarbitrationd service of macOS. It allows an attacker to gain root privileges on the system by exploiting a race condition between the Diskarbitrationd service and the atrun service. The exploit involves mounting a malicious disk image, creating a symbolic link to the /private/var/at directory, and then creating a cron job that will execute a setuid root binary. The attacker can then execute the binary to gain root privileges.
A vulnerability exists in the way userspace daemons check a message sender's entitlements. SecTaskCreateWithAuditToken uses only the pid, not the pid generation number as well, to build the SecTaskRef. This leaves two avenues for a sender without an entitlement to talk to a service which requires it: a) If the process can exec binaries, then it can simply send the message and then exec a system binary with that entitlement. b) If the process can't exec a binary (it's in a sandbox, for example), then exploitation is still possible if the process has the ability to crash and force the restart of a binary with that entitlement.
Mapscrn (part of setfont) 2.0.3 contains a stack-based buffer overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Ahsan Tahir, an independent security researcher, discovered a persistent cross-site scripting vulnerability through unrestricted file upload of SVG files in Craft CMS (v2.6). The security risk of the XSS vulnerability is estimated as medium, with a Common Vulnerability Scoring System count of 3.6. Exploitation of the persistent XSS web vulnerability requires a limited editor user account with low privileges (only editing news) and only low user interaction. If an attacker uploads any file type that can be used for XSS (HTML, SWF, PHP, etc.), it will not be accepted as an image. But for images the content is left unchanged. So if an attacker uploads an SVG with JS content, it is accepted and the JS executes. The 'Content-Type: image/svg+xml; charset=us-ascii' header will make this XSS attack work. Successful exploitation of the XSS vulnerability results in persistent phishing attacks, session hijacking, persistent external redirects to malicious sources, and persistent manipulation of affected or connected module context.
Net Monitor for Employees is an agent-based application for monitoring users' machines. Its agent installs itself as a service ("Net Monitor for Employees Agent") with an unquoted service path, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
This PoC produces a BSOD by sending a specific IOCTL code to the vstor2_mntapi20_shared device driver, due to a double call to IofCompleteRequest (generating a MULTIPLE_IRP_COMPLETE_REQUESTS bug check).
Mujstest, which is part of mupdf, is a scriptable tester for mupdf + js. A crafted image, posted earlier for another issue, causes a stack overflow. The complete ASan output shows that the memory access at offset 1056 partially underflows the variables 'text', 'w', 'h', 'x', and 'y'.
After some fuzz testing, a crashing test case was found in Git HEAD 8eea208e099614487e4bd7cc0d67d91489dae642. To reproduce, the command 'mutool convert -F cbz nullptr_fz_paint_pixmap_with_mask -o /dev/null' was used. AddressSanitizer reported a READ memory access on an unknown address 0x000000000020.