It's not an online scanner, it's scanning offline on the filesystem. I can test that even without an installation. The only issue here is that I have a database with information of the form "app X had its last security vuln Y that was fixed in Z". It seems right now there is no fixed version, so that's what I'm reporting. I can update it once you make a new release. See here how the data looks: https://git.schokokeks.org/freewvs.git/blob/master/freewvsdb/wiki.json
I'm not running phpwiki myself, I'm developing a tool that scans for vulnerable web applications [1].
[1] https://source.schokokeks.org/freewvs/
Cross Site Scripting vulnerability
Security vulnerabilities described on exploit-db
pam_mount uses deprecated openssl 1.1 features
Can I ask what the fix is? Your comment indicates this is an underlying thunderbird issue and can't be fixed within Enigmail.
I created a patch that fixes all those issues and a few more. Apart from the ones you mentioned, it is also possible to achieve XSS via the formaction attribute or via svg animations (animate to attribute). I'm now adding a lot more filtering, but I believe this doesn't break any common html mails, as other webmailers apply similar filtering. I'm completely removing inline SVG (gmail does the same, so I don't think anyone uses them). Some of the filtering is now redundant, but it may help kill further...
asan stack trace
netstat IPv6 handling causes overlapping memcpy
I guess nobody is developing here any more, but for completeness I'm attaching a sample address sanitizer stack trace. This can be tested by compiling espeak with asan (make CXXFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address") and then simply running "espeak a".
Mixed content warning on https version of dosbox page
out of bounds heap read in dirac::VHFilter::Interleave
example file attached
heap overflow (write) in dirac::ArithCodecBase::ReadAllData
heap out of bounds read in convert_latin1
duplicate definition of _tab_page_modules
[lxtask] fix multiple definitions of global variables (builds with -fno-common)
compilation with openssl 1.1 fails
null pointer access / segfault in NArchive::N7z::CInArchive::ReadAndDecodePackedStreams
null pointer access / segfault after failing memory allocation in 7zIn.cpp
Can confirm fix. I think this bug report can now go public, can you change the "Private"...
fix delete instead of delete [] in encrypt.h
fix buffer overflow in SoftRasterInit
fix gcc compiler warning about pointer conversion in path.h
heap out of bounds read in NArchive::N7z::CDecoder::Decode on malformed input
segfault / null pointer access on malformed input file
errors in tests regarding string length
Tested again with latest git code, no change. Bug still there.
How have you tried to reproduce it? (I wrote that this can be seen with valgrind...
I don't see a fix for this, this is still happening in the current git head code....
Invalid heap read in gif2rgb, function DumpScreen2RGB()
Invalid write (heap overflow) in gif2rgb with images of size 0
Avoid negative array access in dictionary.cpp
missing include in read.cpp
Hi, just reviewing old issues. The bug here is in the file getarg.c. The command...
I'm just reviewing old issues I reported, this was closed without a comment, but...
stack overflow / endless recursion on malformed input
I re-found this bug while fuzzing cramfsck, your fix works. Unfortunately it seems...
[lxterminal] Return value on non-void function
I had tested the latest release (5.8) but now I see this is quite old. However the...
Invalid C input file causes invalid read / heap overflow
heap overflow / off by one read with malformed arc file
Just fyi, libarchive supports rar files (and a ton of other file formats), is free...
segfault in giftool on malformed input file
malformed gif causes crash in giftool
malformed gif causes segfault in giffilter
invalid memory access in most command line tools in util
malformed input causes endless loop
Probably something like this: a) export AFL_HARDEN=1; export AFL_USE_ASAN=1 b) compiled...
An upper bound for the comments doesn't seem like a clean solution. There's something...
This was my fuzzing input
malformed .flac file causes crash / segfault
Secure ZIP encryption should be default, warn about or disable insecure encryption