[FD] libtiff: invalid write (CVE-2015-7554)

2015-12-26 Thread Hans Jerry Illikainen
`_TIFFVGetField()' in libtiff-4.0.6 may write field data for certain extension tags to invalid or possibly arbitrary memory. Each tag has a `field_passcount' variable in their TIFFField struct: tiff-4.0.6/libtiff/tif_dir.h #276..289: , | struct _TIFFField { | uint32 field_tag;

[FD] EasyCafe Server <= 2.2.14 Remote File Read

2015-12-26 Thread Rio Sherri
# Title : EasyCafe Server <= 2.2.14 Remote File Read # Date : 25/12/2015 # Author : R-73eN # Tested on : Windows 7 Ultimate # Software Link : http://www.tinasoft.com/easycafe/ # Vulnerable Versions : EasyCafe Server <= 2.2.14 # EasyCafe Server has a feature to upload file from the server to a clien

Re: [FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege

2015-12-26 Thread Stefan Kanthak
"Shawn McMahon" wrote:
> On Wed, Dec 23, 2015 at 7:13 AM, Stefan Kanthak
> wrote:
>
>> Hi @ll,
>>
>> F-Secure's online virus scanner F-SecureOnlineScanner.exe, available
>> via ,
>> loads and executes several rogue/bogus DLLs (UXTheme.