Author: Cyberthreat Blog

reg.php in Allen Disk 1.6 doesn’t check if isset($_SESSION[‘captcha’][‘code’])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST[‘captcha’].

/admin/loginc.php in Allen Disk 1.6 doesn’t check if isset($_SESSION[‘captcha’][‘code’]) == 1, which leads to CAPTCHA bypass by emptying $_POST[‘captcha’].

The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.

The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.

ImageMagick before 7.0.5-2 uses uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running...