A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9184 of biosig.c on the current master branch (35a819fa), when the Tag is 131:
else if (tag==131) //0x83
{
// Patient Age
if (len!=7) fprintf(stderr,"Warning MFER tag131 incorrect length %i!=7\n",len);
curPos += ifread(buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9141 of biosig.c on the current master branch (35a819fa), when the Tag is 67:
else if (tag==67) //0x43: Sample skew
{
int skew=0; // [1]
curPos += ifread(&skew, 1, len,hdr);
In this case, the address of the newly-defined integer `skew` \[1\] is overflowed instead of `buf`. This means a stack overflow can occur using much smaller values of `len` in this code path.
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9191 of biosig.c on the current master branch (35a819fa), when the Tag is 65:
else if (tag==65) //0x41: patient event
{
// event table
curPos += ifread(buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9090 of biosig.c on the current master branch (35a819fa), when the Tag is 64:
else if (tag==64) //0x40
{
// preamble
char tmp[256]; // [1]
curPos += ifread(tmp,1,len,hdr);
In this case, the overflowed buffer is the newly-declared `tmp` \[1\] instead of `buf`. While `tmp` is larger than `buf`, having a size of 256 bytes, a stack overflow can still occur in cases where `len` is encoded using multiple octets and is greater than 256.
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63:
else if (tag==63) {
uint8_t tag2=255, len2=255;
count = 0;
while ((count<len) && !(FlagInfiniteLength && len2==0 && tag2==0)){
curPos += ifread(&tag2,1,1,hdr);
curPos += ifread(&len2,1,1,hdr);
if (VERBOSE_LEVEL==9)
fprintf(stdout,"MFER: tag=%3i chan=%2i len=%-4i tag2=%3i len2=%3i curPos=%i %li count=%4i\n",tag,chan,len,tag2,len2,curPos,iftell(hdr),(int)count);
if (FlagInfiniteLength && len2==0 && tag2==0) break;
count += (2+len2);
curPos += ifread(&buf,1,len2,hdr);
Here, the number of bytes read is not the Data Length decoded from the current frame in the file (`len`) but rather is a new length contained in a single octet read from the same input file (`len2`). Despite this, a stack-based buffer overflow condition can still occur, as the destination buffer is still `buf`, which has a size of only 128 bytes, while `len2` can be as large as 255.
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8850 of biosig.c on the current master branch (35a819fa), when the Tag is 13:
else if (tag==13) {
if (len>8) fprintf(stderr,"Warning MFER tag13 incorrect length %i>8\n",len);
curPos += ifread(&buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8842 of biosig.c on the current master branch (35a819fa), when the Tag is 12:
else if (tag==12) //0x0C
{
// sampling resolution
if (len>6) fprintf(stderr,"Warning MFER tag12 incorrect length %i>6\n",len);
val32 = 0;
int8_t v8;
curPos += ifread(&UnitCode,1,1,hdr);
curPos += ifread(&v8,1,1,hdr);
curPos += ifread(buf,1,len-2,hdr);
In addition to values of `len` greater than 130 triggering a buffer overflow, a value of `len` smaller than 2 will also trigger a buffer overflow due to an integer underflow when computing `len-2` in this code path.
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8824 of biosig.c on the current master branch (35a819fa), when the Tag is 11:
else if (tag==11) //0x0B
{
// Fs
if (len>6) fprintf(stderr,"Warning MFER tag11 incorrect length %i>6\n",len);
double fval;
curPos += ifread(buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8785 of biosig.c on the current master branch (35a819fa), when the Tag is 8:
else if (tag==8) {
if (len>2) fprintf(stderr,"Warning MFER tag8 incorrect length %i>2\n",len);
curPos += ifread(buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6:
else if (tag==6) // 0x06 "number of sequences"
{
// NRec
if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5:
else if (tag==5) //0x05: number of channels
{
uint16_t oldNS=hdr->NS;
if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:
else if (tag==4) {
// SPR
if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:
else if (tag==3) {
// character code
char v[17]; // [1]
if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len);
curPos += ifread(&v,1,len,hdr);
v[len] = 0;
In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0:
if (tag==0) {
if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len);
curPos += ifread(buf,1,len,hdr);
}
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0.
A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by this parameter. This allows direct access to other users' data or internal resources without proper permission. Successful exploitation of this flaw may result in the exposure of sensitive information.
A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. Other parameters might be affected as well.
The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can contain sensitive information.
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter post-type-converter allows Cross Site Request Forgery.This issue affects Post Type Converter: from n/a through <= 0.6.
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems.
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.
Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from utilizing the web server function, by sending a specially crafted HTTP request.
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. Applying a patch is advised to resolve this issue. The code maintainer explains, that "[he] fixed the code to remove this vulnerability and will make a new release".
A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue.
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".