SQL Injection vulnerability in file `Base_module_model.php` in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the `col` parameter to function `list_items`.

**Daylight Studio FUEL-CMS SQLi Vulnerability**

Moderate severity GitHub Reviewed Published Aug 11, 2023 to the GitHub Advisory Database • Updated Aug 11, 2023

GHSA-7rvp-xqj7-rxf2: Daylight Studio FUEL-CMS SQLi Vulnerability

An issue was discovered in `OFPBundleCtrlMsg` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

**FaucetSDN Ryu Denial of Service Vulnerability**

Moderate severity GitHub Reviewed Published Aug 11, 2023 to the GitHub Advisory Database • Updated Aug 11, 2023

GHSA-4987-5p3p-9r27: FaucetSDN Ryu Denial of Service Vulnerability

An issue was discovered in `OFPQueueGetConfigReply` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

GHSA-5x64-925v-h4gv: FaucetSDN Ryu Denial of Service Vulnerability

A prototype pollution vulnerability in MrSwitch hello.js prior to version 1.18.8 allows remote attackers to execute arbitrary code via `hello.utils.extend` function.

**MrSwitch hello.js vulnerable to prototype pollution**

Moderate severity GitHub Reviewed Published Aug 11, 2023 to the GitHub Advisory Database • Updated Aug 11, 2023

GHSA-g3vf-47fv-8f3c: MrSwitch hello.js vulnerable to prototype pollution

Cross Site Scripting (XSS) vulnerability in `adm_user` parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.

**Gila CMS Cross-site Scripting Vulnerability**

Moderate severity GitHub Reviewed Published Aug 11, 2023 to the GitHub Advisory Database • Updated Aug 11, 2023

GHSA-rvjp-j5j4-c9j5: Gila CMS Cross-site Scripting Vulnerability

A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus.
"Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu

A hitherto undocumented threat actor operating for nearly a decade and codenamed **MoustachedBouncer** has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus.

"Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu Faou said, describing the group as skilled and advanced.

The adversary, active since at least 2014, is assessed to be aligned with Belarusian interests, likely employing a lawful interception system such as SORM to conduct its AitM attacks as well as deploy disparate tools called NightClub and Disco.

Both the Windows malware frameworks support additional spying plugins including a screenshotter, an audio recorder, and a file stealer. The oldest sample of NightClub dates back to November 19, 2014, when it was uploaded to VirusTotal from Ukraine.

Embassy staff from four different countries have been targeted since June 2017: two from Europe, one from South Asia, and one from Northeast Africa. One of the European diplomats was compromised twice in November 2020 and July 2022. The names of the countries were not revealed.

MoustachedBouncer is also believed to work closely with another advanced persistent threat (APT) actor known as Winter Vivern (aka TA473 or UAC-0114), which has a track record of striking government officials in Europe and the U.S.

The exact initial infection vector used to deliver NightClub is presently unknown. The distribution of Disco, on the other hand, is accomplished by means of an AitM attack.

"To compromise their targets, MoustachedBouncer operators tamper with their victims' internet access, probably at the ISP level, to make Windows believe it's behind a captive portal," Faou said. "For IP ranges targeted by MoustachedBouncer, the network traffic is tampered at the ISP level, and the latter URL redirects to a seemingly legitimate, but fake, Windows Update URL."

"While the compromise of routers in order to conduct AitM on embassy networks cannot be fully discarded, the presence of lawful interception capabilities in Belarus suggests the traffic mangling is happening at the ISP level rather than on the targets' routers," Fou said.

Two Belarusian internet service providers (ISPs), viz Unitary Enterprise A1 and Beltelecom, are suspected to be involved in the campaign, per the Slovak cybersecurity company.

Victims who land on the bogus page are greeted with a message urging them to install critical security updates by clicking on a button. In doing so, a rogue Go-based "Windows Update" installer is downloaded to the machine that, when executed, sets up a scheduled task to run another downloader binary responsible for fetching additional plugins.

The add-ons expand on Disco's functionality by capturing screenshots every 15 seconds, executing PowerShell scripts, and setting up a reverse proxy.

A significant aspect of the plugins is the use of the Server Message Block (SMB) protocol for data exfiltration to command-and-control servers that are inaccessible over the internet, making the threat actor's infrastructure highly resilient.

Also used in the January 2020 attack aimed at diplomats of a Northeast African country in Belarus is a C# dropper referred to as SharpDisco, which facilitates the deployment of two plugins by means of a reverse shell in order to enumerate connected drives and exfiltrate files.

The NightClub framework also comprises a dropper that, in turn, launches an orchestrator component to harvest files of interest and transmit them over the Simple Mail Transfer Protocol (SMTP) protocol. Newer variants of NightClub found in 2017 and 2020 also incorporate a keylogger, audio recorder, screenshotter, and a DNS-tunneling backdoor.

"The DNS-tunneling backdoor (ParametersParserer.dll) uses a custom protocol to send and receive data from a malicious DNS server," Faou explained. "The plugin adds the data to exfiltrate as part of the subdomain name of the domain that is used in the DNS request."

The commands supported by the modular implant allow the threat actor to search for files matching a specific pattern, read, copy, and remove files, write to files, copy directories, and create arbitrary processes.

It's believed that NightClub is used in scenarios where traffic interception at the ISP level isn't possible because of anonymity-boosting mitigations such as the use of an end-to-end encrypted VPN where internet traffic is routed outside of Belarus.

"The main takeaway is that organizations in foreign countries where the internet cannot be trusted should use an end-to-end encrypted VPN tunnel to a trusted location for all their internet traffic in order to circumvent any network inspection devices," Faou said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Uncover Decade-Long Cyber Espionage on Foreign Embassies in Belarus

An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).

**\[FFmpeg-devel\] \[PATCH 7/7\] avcodec/tiff: Disallow striped and tiled tiffs except for DNG****Michael Niedermayer** michael at niedermayer.cc 
_Fri Nov 6 01:11:10 EET 2020_

* Previous message (by thread): \[FFmpeg-devel\] \[PATCH 6/7\] avcodec/h264idct\_template: Fix integer overflow in ff\_h264\_chroma422\_dc\_dequant\_idct()
* Next message (by thread): \[FFmpeg-devel\] \[PATCH\] Moves yuv2yuvX\_sse3 to yasm, unrolls main loop and other small optimizations for ~20% speedup.
* **Messages sorted by:** \[ date \] \[ thread \] \[ subject \] \[ author \]

strips + tiles is not allowed in TIFF
DNG uses a separate codepath

Regression since da5b3d002862d1e105002a6dc1567e6551860896.

Fixes: NULL pointer dereference
Fixes: poc1

Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc\>
---
 libavcodec/tiff.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 2e45464218..00f0c0ccf7 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1923,14 +1923,17 @@ again:
 has\_strip\_bits = s->strippos || s->strips || s->stripoff || s->rps || s->sot || s->sstype || s->stripsize || s->stripsizesoff;
 
 if (has\_tile\_bits && has\_strip\_bits) {
- av\_log(avctx, AV\_LOG\_WARNING, "Tiled TIFF is not allowed to strip\\n");
+ int tiled\_dng = s->is\_tiled && is\_dng;
+ av\_log(avctx, tiled\_dng ? AV\_LOG\_WARNING : AV\_LOG\_ERROR, "Tiled TIFF is not allowed to strip\\n");
+ if (!tiled\_dng)
+ return AVERROR\_INVALIDDATA;
 }
 
 /\* now we have the data and may start decoding \*/
 if ((ret = init\_image(s, &frame)) < 0)
 return ret;
 
- if (!s->is\_tiled) {
+ if (!s->is\_tiled || has\_strip\_bits) {
 if (s->strips == 1 && !s->stripsize) {
 av\_log(avctx, AV\_LOG\_WARNING, "Image data size missing\\n");
 s->stripsize = avpkt->size - s->stripoff;
-- 
2.17.1

* Previous message (by thread): \[FFmpeg-devel\] \[PATCH 6/7\] avcodec/h264idct\_template: Fix integer overflow in ff\_h264\_chroma422\_dc\_dequant\_idct()
* Next message (by thread): \[FFmpeg-devel\] \[PATCH\] Moves yuv2yuvX\_sse3 to yasm, unrolls main loop and other small optimizations for ~20% speedup.
* **Messages sorted by:** \[ date \] \[ thread \] \[ subject \] \[ author \]

More information about the ffmpeg-devel mailing list

CVE-2020-36138: Disallow striped and tiled tiffs except for DNG

An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

gift89a opened this issue

Jan 14, 2021

· 2 comments

Closed

**Arbitrary file deletion vulnerability #1**

gift89a opened this issue

Jan 14, 2021

· 2 comments

**Comments**

**Vulnerability exploitation conditions: Log in to the management background**

Vulnerable code: superMicro-CMS-main/admin/images.php line:151

\` if (array\_key\_exists('submit2', $\_POST)) { // Delete

 	$imagename = trim($_POST['delete']);
 	$delete = '../img/' . $imagename; //**$imagename, User controllable parameters**
 	// $disallowed = array('img-loading.gif', 'nav-icon.jpg');
 
 	if (strlen($imagename) < 1) {
 		$problem = TRUE;
 		$response = 'No image filename was entered.';
 	}
 
 	// Admin images moved to admin
 
 	if (($imagename == 'og.jpg') || ($imagename == 'bg_footer.gif') || ($imagename == 'bg_footer_monochrome.gif')) {
 		$problem = TRUE;
 		$response = "The default images can't be deleted. Maybe upload a new one (og.jpg must be 200 pixels square).";
 	}
 
 	if (!$problem) {
 		if (file_exists($delete)) {
 			unlink($delete); //**Unfiltered, can directly all files**
 			$response = 'Success. ' . $imagename . ' was deleted.';
 		} else {
 			$response = 'Image ' . $imagename . ' doesn\'t exist. Try another.';
 		}
 	}
 }`
 

Vulnerability POC：

Thanks for that too. Will do it.

Changes made. Thanks again.

2 participants

CVE-2021-25856: Arbitrary file deletion vulnerability · Issue #1 · pcmt/superMicro-CMS

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

CVE-2020-24075: Kalium Changelog - Laborator

Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

Dear user,

XnView 2.49.4 for Windows is available. Versions are available on the normal XnView Download page.

Please note that the XnView Download page offers packages with German/French Setup and German/French Online help.

Direct links to the English Standard version are:  
http://download.xnview.com/XnView-win.exe (English Setup, Multi language)  
http://download.xnview.com/XnView-win.zip (ZIP file, Multi language)

XnView Shell Extension 32bits:  
http://download.xnview.com/XnShellEx.exe  
http://download.xnview.com/XnShellEx.zip

XnView Shell Extension 64bits:  
http://download.xnview.com/XnShellEx64.exe  
http://download.xnview.com/XnShellEx64.zip

SHA256:  
XnView-win.exe: 030E3E45C51A349A3417B52AD6F6547267F1AA6E86BF03BB13E49341AB9FAEB8  
XnView-win.zip: 9E936FB7CD699019A2D1ADF795D6BB078A08686D95ACA0BEA482E0ECE5C72902  
XnView-win-full.exe: 31E13FE27894610D27167ABB0503C6B109E00169D6F3E291BE6661D27953E1C6  
XnView-win-full.zip: 646DE249CEB6E9C1736BC34217C36E720FD7E2FA25468B271A6DEC18707D4E3E  
XnView-win-small.exe: 57E5DF33083C3F440CFA7E44ABE4403724679EEC7A1E57018A5B81A1748557FB  
XnView-win-small.zip: 15DC199567011B41B616BB38DFF31771A9D3E65F1517FC2BEE2068DD69B479FE

\_\_\_\_ 2.49.4 Changelog

\* Ghostscript 9.53.x  
\* GPS & file date - viewtopic.php?f=56&t=40971  
\* TIFF Security vulnerability (Thanks to Michael Heinzl)  
\* NConvert: -levels2 - viewtopic.php?f=57&t=40490  
\* NConvert: -resize supports cm/mm/inches  
\* NConvert: -autodeskew fixed  
\* NConvert: -noholder to disable %$ chars - viewtopic.php?f=57&t=40820

\_\_\_\_ 2.49.3 Changelog

\* Convert 16 to 256 colors - viewtopic.php?f=36&t=39421  
\* Disable ESC to close tabs - viewtopic.php?f=35&t=17078  
\[General\] EscToCloseView=0  
\* Select file from search results & switching mode - viewtopic.php?f=34&t=40063  
\* Title empty when recurse - viewtopic.php?f=36&t=39979  
\* Resize - viewtopic.php?f=35&t=40248  
\* Slideshow: Order of files - viewtopic.php?f=56&t=40087  
\* Fortis Mag fix  
\* NConvert: -wmsize watermark percent size - viewtopic.php?f=57&t=38754  
\* NConvert: canvas size in inches/cm/mm - viewtopic.php?f=57&t=39361  
\* NConvert: replace\_color - viewtopic.php?f=57&t=39769  
\* NConvert: -temperature added

\_\_\_\_ 2.49.2 Changelog

\* Problem with Ghostscript 9.50  
\* PDF font problem - viewtopic.php?f=36&t=39662  
\* CR3 - viewtopic.php?f=35&t=39478  
\* .sld must use 'Recurse' setting - viewtopic.php?f=35&t=39330  
\* GIF loop - viewtopic.php?f=36&t=31689  
\* PAM CMYK

\_\_\_\_ 2.49.1 Changelog

\* TIFF 16bits greyscale

\_\_\_\_ 2.49 Changelog

\* SQLite 3.29.0  
\* NConvert: greater\_than/less\_than condition - viewtopic.php?f=57&t=39147  
\* PSD: Error when writing metadata - viewtopic.php?f=57&t=39137  
\* Export - Problem with RGBA - viewtopic.php?f=36&t=39044  
\* Capture - viewtopic.php?f=36&t=38934  
\* Left/Right F11 to open fullscreen on Left/Right monitor  
\* Create multi file & folder with '.' - viewtopic.php?f=36&t=39008  
\* # to comment line in .sld file  
\* Multipage create: Check if output filename exists  
\* Slideshow crash when using animated GIF - viewtopic.php?f=36&t=38902  
\* XIM format import added  
\* Change timestamp must not use 12h format - viewtopic.php?f=36&t=38702  
\* GIF not played correctly in Slideshow - viewtopic.php?f=34&t=38303  
\* CVE - https://github.com/apriorit/pentesting/ ... ugs/xnview  
\* NConvert: -unsharp  
\* NConvert: -exposure - viewtopic.php?f=57&t=39136  
\* NConvert: -colorize h l s  
\* NConvert: Remove EXIF orientation -exif\_rotation - viewtopic.php?f=57&t=38648  
\* \[Rename\]/TemplateStart, position of number in template - viewtopic.php?f=34&t=38568  
\* CVE-2019-12151  
\* ShellEx: 'Convert...' & input fields

\_\_\_\_ 2.48 Changelog

\* RGB inverted when printing 8bits cmap picture from browser  
\* WebP 32bits  
\* PDF Multipage create - viewtopic.php?f=35&t=38030

\_\_\_\_ 2.47 Changelog

XCF 2.10  
ICNS with JPEG2000 icon  
GIF loop & Quick slideshow - viewtopic.php?f=36&t=31689  
Problem with local charset for image description EXIF field  
\[Start\]/BugBlueLine=1 to remove the bug of blue line  
PDF output without font info - viewtopic.php?f=35&t=38030  
Space must not show tagbox if not enabled  
NConvert: -no\_auto\_rotate - viewtopic.php?f=57&t=38239  
NConvert: -autocrop with position  
NConvert: add -lower to lower case output filename  
NConvert: Bug when output filename contains a numeric enumerator - viewtopic.php?f=57&t=38014

\_\_\_\_ 2.46 Changelog

JPEG2000 YCC - viewtopic.php?f=35&t=37806  
Bad loading for ARW - viewtopic.php?f=36&t=37683  
TIFF with JPEG compression - viewtopic.php?f=35&t=37585  
Adjust dialog clipped - viewtopic.php?f=36&t=32011  
PDF version 1.4 output  
Sqlite 2.24.0  
RLE & ICO vulnerabilities Cody Sixteen from STM Solutions  
NConvert: stdout problem on windows - viewtopic.php?f=57&t=37810

\_\_\_\_ 2.45 Changelog

License written in HKCU  
Support HPI with transparency  
Shows dots under certain conditions - viewtopic.php?f=36&t=37447  
Resize - viewtopic.php?f=36&t=37451  
Blue bar - viewtopic.php?f=36&t=36278  
Resize dialog crash with ^^ - viewtopic.php?f=36&t=36644  
Parameters & External program - viewtopic.php?f=35&t=15465

\_\_\_\_ 2.44 Changelog

Monitor power off during slideshow  
Color profile not used Browser>Print - viewtopic.php?f=36&t=36833  
\-filelist doesn't work anymore  
Tile child window - viewtopic.php?f=56&t=36527  
Strange colors on grey image - viewtopic.php?f=35&t=36485  
UTF8 Exif Image Description

\_\_\_\_ 2.43 Changelog

Better HEIF support - http://www.xnview.com/download/plugins/heif\_x32.zip  
Unwanted file types shown in Viewer - viewtopic.php?f=36&t=35484  
FileListUseExt=1  
Alpha glitch - viewtopic.php?f=36&t=36454  
Folder browsing via command line - viewtopic.php?f=36&t=36434  
Lossless crop corruption - viewtopic.php?f=36&t=36378

\_\_\_\_ 2.42 Changelog

HEIF support - Extract http://www.xnview.com/download/plugins/heif\_x32.zip in Plugins folder

\_\_\_\_ 2.41 Changelog

Basic support for unicode filename  
2Gb limitation on 64bits OS - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35165  
Displaying RGBA image without use alpha - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35809  
Print TIFF with orientation flag in browser - http://newsgroup.xnview.com/viewtopic.php?f=36&t=36197  
GIF loop not saved in .sld - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35991  
Clip support - http://newsgroup.xnview.com/viewtopic.php?f=34&t=28554  
Slideshow crash on RAW files - http://newsgroup.xnview.com/viewtopic.php?f=36&t=34632  
TIF > 2GB & multipage - http://newsgroup.xnview.com/viewtopic.php?f=79&t=35056  
RGBA printing  
Thumbnails upscaling - http://newsgroup.xnview.com/viewtopic.php?f=35&t=36090  
NConvert: -keepdocsize fixed  
NConvert: -shadow - http://newsgroup.xnview.com/viewtopic.php?f=57&t=36163  
NConvert: -align - http://newsgroup.xnview.com/viewtopic.php?f=57&t=36164

\_\_\_\_ 2.40 Changelog

CMYK image default color profile - http://newsgroup.xnview.com/viewtopic.php?f=35&t=31685  
http://newsgroup.xnview.com/viewtopic.php?f=35&t=28839  
RGBA resize (bilinear) - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33425  
http://newsgroup.xnview.com/viewtopic.php?t=29238  
http://newsgroup.xnview.com/viewtopic.php?t=34493  
Ctrl+RMB to copy color - http://newsgroup.xnview.com/viewtopic.php?p=141793  
Capture rectangle on second monitor - http://newsgroup.xnview.com/viewtopic.php?f=56&t=32892  
Print 50+ via command line - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35350  
Filelist to print - http://newsgroup.xnview.com/viewtopic.php?f=34&t=35378  
LIBPNG 1.6.29  
SQLite 3.18.0  
ZLIB 1.2.11  
LCMS 2.8  
BMP 2+10+10+10 - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32577  
Category removed if delete file - http://newsgroup.xnview.com/viewtopic.p ... 2&start=15  
Category moved with Cut/Paste  
8BF & undo - http://newsgroup.xnview.com/viewtopic.php?f=36&t=34508  
'Purge Now' - http://newsgroup.xnview.com/viewtopic.php?f=34&t=32667  
OpenEXR updated - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33039  
Resize gamma correction - http://newsgroup.xnview.com/viewtopic.php?f=34&t=33273  
Change timestamp & DST - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33483  
Selection + Tab - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33983  
GIF loop - http://newsgroup.xnview.com/viewtopic.php?f=35&t=34036  
PAM format - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35132  
JPEG 2000 - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35277  
Maximize on first monitor - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32343  
Resize default size - http://newsgroup.xnview.com/viewtopic.php?f=34&t=33694  
PEF for thumbnail's folder - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35363  
Cancel removed from Setup wizard - http://newsgroup.xnview.com/viewtopic.php?f=34&t=32958  
Previous/Next file & RecognizeByExt == false - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33127  
Next/Previous & video - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35182  
Better dialog for update - http://newsgroup.xnview.com/viewtopic.php?f=34&t=19950  
WebP plugin updated  
OpenJPEG2000 updated  
RIOT addon updated  
PNGOUT updated  
X3F with only embedded JPEG  
NConvert: text with -text\_rotation - http://newsgroup.xnview.com/viewtopic.php?f=57&t=35441  
NConvert: -text\_border added

\_\_\_\_ 2.39 Changelog

no IPTC fields in tooltip/info  
Thumbnail for blend file

\_\_\_\_ 2.38 Changelog

Sort by exif - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32387  
Zooming instead file navigation - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33917

\_\_\_\_ 2.37 Changelog

Better HiDPI support  
Change timestamp and video  
GPS direction - http://newsgroup.xnview.com/viewtopic.php?f=35&t=33587  
Right click (make selection) and delete - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33700  
NConvert: Multipage extract - http://newsgroup.xnview.com/viewtopic.php?f=57&t=33879

\_\_\_\_ 2.36 Changelog

FLIF format added  
SVG support via rsvg-convert.exe - http://newsgroup.xnview.com/viewtopic.php?f=34&t=31748  
Search similar & extension - http://newsgroup.xnview.com/viewtopic.php?f=56&t=32840  
Multipage save doesn't use read settings  
PCT crash - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33025  
NConvert: -t start step for number in output name

\_\_\_\_ 2.35 Changelog

#THUMB\_WIDTH\_MAX# & #THUMB\_HEIGHT\_MAX# - http://newsgroup.xnview.com/viewtopic.php?f=34&t=30652  
JPEGXR  
Backspace not working in fullscreen  
LibPNG 1.6.20  
ZIPPack Addon - http://newsgroup.xnview.com/viewtopic.php?f=35&t=31563

Pierre.

Tag

#git