Information Security


UTF-8 decoding problems in QT / KJS
Published: April 5, 2007
Source:
SecurityVulns ID: 7532
Type: library
Severity level: 6/10
Description: Long sequences are not blocked, which can lead to cross-site scripting and directory traversal.
Affected products: QT : qt 3.3
 KDE : KDE 3.5
CVE: CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.)

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since April 5, 2007
Published: April 5, 2007
Source:
SecurityVulns ID: 7534
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: PHPMYNEWSLETTER : phpMyNewsletter 0.6
 FLEXPHPNEWS : Flexphpnews 0.0
 MYSPEACH : MySpeach 3.0
 WORDPRESS : WordPress 2.1
 MAPTOOLS : MapLab 2.2
 LITECMS : lite-cms 0.2
 EXV2 : eXV2 CMS 2.0
 PHPEXPLORATOR : phpexplorator 2.0
 IXONCMS : iXon-CMS 0.30
 KCMS : K-CMS 1.0
 MONKEYCMS : Monkey CMS 0.0
 PHPECHOCMS : phpechocms 2
 XOOPS : RM+Soft Gallery 1.0 module for Xoops
 XOOPS : myAlbum-P 2.0 module for Xoops
 XOOPS : debaser 0.92 module for Xoops
 XOOPS : Camportail 1.1 module for Xoops
 XOOPS : Kshop 1.17 module for Xoops
 XOOPS : Tiny Event 1.01 module for Xoops
 XOOPS : eCal 2.24 module for Xoops
 XOOPS : Zmagazine 1.0 module for Xoops
 XOOPS : XFsection 1.07 module for Xoops
 XOOPS : WF-Section 1.01 module for Xoops
 XOOPS : PopnupBlog 2.52 module for Xoops
 XOOPS : Rha7 Downloads 1.0 module for Xoops
 XOOPS : WF-Snippets 1.02 module for Xoops
 CYBOARDS : CyBoards PHP Lite 1.21
 PHPBB : mutant 0.9 module for phpBB
 AROUNDME : AROUNDMe 0.7
 RSPA : Really Simple PHP and Ajax 2007-03-23
 CWBPRO : CWB PRO 1.5
 BTSONDAGE : BT-Sondage 1.12
CVE: CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.)
 CVE-2007-1987 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use.)
 CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.)
 CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.)
 CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.)
 CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.)
 CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.)
 CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.)
 CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.)
 CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.)
 CVE-2007-1974 (SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.)
 CVE-2007-1967 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party.)
 CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.)
 CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.)
 CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.)
 CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.)
 CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.)
 CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.)
 CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.)
 CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.)
 CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post.")
 CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php.)
 CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.)
 CVE-2007-1812 (PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter.)
 CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.)
 CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.)
 CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.)
 CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.)
 CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter.)
 CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter.)
Original text: Sumit Siddharth, [Full-disclosure] Wordpress 2.1.2 xmlrpc Vulnerabilities (06.04.2007)
 Crackers_Child, CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites (05.04.2007)
 GolD_M, CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites (05.04.2007)
 Dj7xpl, Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability (05.04.2007)
 ka0x, MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability (05.04.2007)
 XORON, PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln (05.04.2007)
 XORON, PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln (05.04.2007)
 Hamid Ebadi, RSPA Remote File Inclusion (05.04.2007)
 Xst3nZ, MySpeach <= 3.0.7 Remote/Local File Inclusion Vulnerability (05.04.2007)
 frog frog, phpMyNewsletter 0.6.10 (customize.php l) RFI Vulnerability: (05.04.2007)
 kezzap66345, AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities (05.04.2007)
 the_3dit0r_(at)_yahoo.com, MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, MyBlog: PHP and MySQL Blog/CMS software Cross-Site Scripting Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, phpechocms2 Remote File Include Vulnerabilities (05.04.2007)
 the_3dit0r_(at)_yahoo.com, phpechocms v.2 Cross-Site Scripting Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, K-CMS v1.0 Remote File Include Vulnerabilities (05.04.2007)
 the_3dit0r_(at)_yahoo.com, iXon_CMS 0.30 Remote File Include Vulnerabilities (05.04.2007)
 RaeD Hasadya, Remot File Include In phpexplorator_2_0 (05.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues (05.04.2007)
 the_3dit0r_(at)_yahoo.com, lite-cms-0.2.1 Remote File Include Vulnerabilities (05.04.2007)
 RaeD Hasadya, Remote File Include In Script stat12 (05.04.2007)
Files: Wordpress 2.1.2 SQL Injection POC
 WinMail Server 4.4 build 1124 (WebMail) remote add new Super User exploit
 XOOPS Module RM+Soft Gallery 1.0(categos.php) BLIND SQL Injection Exploit
 XOOPS Module myAlbum-P <= 2.0 (cid) Remote BLIND SQL Injection Exploit
 XOOPS Module debaser <= 0.92(genre.php) BLIND SQL Injection Exploit
 XOOPS Module Camportail <= 1.1 (camid) Remote BLIND SQL Injection Exploit
 XOOPS Module Kshop <= 1.17 (id) Remote BLIND SQL Injection Exploit
 XOOPS Module Tiny Event <= 1.01 (id) Remote BLIND SQL Injection Exploit
 XOOPS Module Zmagazine 1.0 (print.php) Remote BLIND SQL Injection Exploit
 CyBoards PHP Lite 1.21 (script_path) Remote File Include Exploit
 phpBB mutant 0.9.2 (phpbb_root_path) Remote File Inclusion Exploit
 XOOPS Module eCal 2.24 <= (display.php) Remote BLIND SQL Injection Exploit
 XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
 XOOPS Module WF-Section <= 1.01 (articleid) Remote BLIND SQL Injection Exploit
 XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
 XOOPS Module Rha7 Downloads 1.0 (visit.php) Remote BLIND SQL Injection Exploit
 XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit

Multiple vulnerabilities in OpenOffice (multiple bugs)
updated since March 29, 2007
Published: April 5, 2007
Source:
SecurityVulns ID: 7501
Type: client
Severity level: 6/10
Description: Shell metacharacter problems when opening a document, code execution.
Affected products: OPENOFFICE : OpenOffice 1.1
 OPENOFFICE : OpenOffice 2.0
 OPENOFFICE : OpenOffice 2.1
CVE: CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.)
 CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.)
Original text: NGSSoftware Insight Security Research Advisory (NISR), High Risk Vulnerability in OpenOffice (05.04.2007)

Multiple vulnerabilities in the SAP RFC library (multiple bugs)
Published: April 5, 2007
Source:
SecurityVulns ID: 7533
Type: library
Severity level: 5/10
Description: Vulnerabilities in the functions TRUSTED_SYSTEM_SECURITY, RFC_START_PROGRAM, RFC_START_GUI, SYSTEM_CREATE_INSTANCE, RFC_SET_REG_SERVER_PROPERTY.
Affected products: SAP : SAP RFC Library 6.40
 SAP : SAP RFC Library 7.00
CVE: CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.)
 CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.)
 CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.)
 CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.)
 CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.)
 CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.)
Original text: Mariano Nuñez Di Croce, CYBSEC Release: SAP Security - Paper & Tool release (05.04.2007)
 CYBSEC Advisories, CYBSEC Security Pre-Advisory: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function Denial Of Service (05.04.2007)
 CYBSEC Advisories, CYBSEC Security Pre-Advisory: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow (05.04.2007)
 CYBSEC Advisories, CYBSEC Security Pre-Advisory: SAP RFC_START_GUI RFC Function Buffer Overflow (05.04.2007)
 CYBSEC Advisories, CYBSEC Security Pre-Advisory: SAP RFC_START_PROGRAM RFC Function Multiple Vulnerabilities (05.04.2007)
 CYBSEC Advisories, CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure (05.04.2007)

Buffer overflows in multiple image viewers (multiple bugs)
updated since April 5, 2007
Published: November 2, 2007
Source:
SecurityVulns ID: 7535
Type: client
Severity level: 6/10
Description: Multiple buffer overflows when parsing BMP, TIFF, XPM, CLP, PSP, RAS, IFF, PNG images.
Affected products: ADOBE : Photoshop CS2
 GNU : GIMP 2.2
 IRFANVIEW : IrfanView 3.99
 ACD : ACDSee 9.0
 FASTSTONE : FastStone Image Viewer 2.9
 IRFANVIEW : IrfanView 4.0
 ADOBE : Photoshop CS3
 ADOBE : Photoshop Elements 5.0
 COREL : Paint Shop Pro 11.20
 ABCVIEW : ABC-View Manager 1.42
 XNVIEW : XnView 1.90
 PHOTOFILTRE : Photofiltre Studio 8.1
CVE: CVE-2007-4344
 CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.)
 CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.)
 CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.)
 CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.)
 CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.)
Original text: SECUNIA, Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows (02.11.2007)
 ifsecure_(at)_gmail.com, Several Windows image viewers vulnerabilities (05.04.2007)
Files: ACDSee v9.0 .XPM File Buffer Overflow
 XnView 1.90.3 .XPM File Buffer Overflow
 ABC-View Manager 1.42 .PSP File Buffer Overflow
 Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
 FreshView 7.15 .PSP File Buffer Overflow
 Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow
 Corel Paint Shop Pro Photo v11.20 Unspecified .CLP File Buffer Overflow
 Exploits Photofiltre Studio v8.1.1 .TIF File Buffer Overflow
 IrfanView <= 4.00 .IFF File Buffer Overflow
 Gimp v2.2.14 .RAS File SUNRAS Plugin Buffer Overflow
 Several Windows image viewers vulnerabilities PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod