Headline
CVE-2020-23565: publicResearch/poc/irfanview/3 at master · KamasuOri/publicResearch
Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".
Related news
Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea"
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter.
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.