This Week in Security: Ghostscript in ImageMagick, SolarWinds, and DHCP Shenanigans

A PoC was just published for a potentially serious flaw in the Ghostscript interpreter. Ghostscript can load Postscript, PDF, and SVG, and it has a feature from Postscript that has …

GitHub envisions a world with fewer software vulnerabilities

After five months in beta, the GitHub Code Scanning security feature has been made generally available to all users: for free for public repositories, as a paid option for private ones. “So much of the world’s development happens on GitHub that s…

Custom Weather Camera Feed With Software Tricks

With a gorgeous view of the Italian seaside, we’re not surprised [Danilo Larizza] had a couple IP cameras set up to pull in real-time views. But using a Raspberry Pi, an environmental sensor, and some software trickery to overlay the current (and naturally, perfect) weather conditions over the images? Now …

SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform

Web analytics firm plugs a hole in its platform that allowed attackers to open a reverse shell that could be used to attack the service.

Yahoo Retires ImageMagick After Bugs Leak Server Memory

Researcher Chris Evans reported a new bug and showed how he also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets.

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick.

ImageMagick is an open-source image processing library that lets users resize, s…