Skip to content

nhiephon/Research

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

README.md

Research

Twitter

Hackerone

Facebook Whitehat

2022

CVE-2022-0273

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0273

CVE-2022-0405

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0405

CVE-2022-0406

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0406

CVE-2022-0574

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0574

CVE-2022-0578

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0578

CVE-2022-0665

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0665

CVE-2022-0697

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0697

CVE-2022-0716

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0716

CVE-2022-0726

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0726

CVE-2022-0727

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0727

CVE-2022-0761

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0761

CVE-2022-0912

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0912

CVE-2022-0917

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0917

CVE-2022-0950

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0950

CVE-2022-40405

[Description]

WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs.

[Vulnerability Type]

SQL Injection

[Vendor of Product]

WoWonder (www.wowonder.com)

[Affected Product Code Base]

WoWonder Social Network Platform - 4.1.2

[Affected Component]

target.website/requests.php?f=load-my-blogs&offset=inject_here

[Attack Type]

Remote

[Impact Information Disclosure]

True

[Attack Vectors]

Remote attackers can gain access to the database by exploiting a request to "requests.php?f=load-my-blogs" via "offset" parameter.

[Reference]

https://github.com/nhiephon/Research
https://www.wowonder.com

[Discoverer]

NXQ, nhiephon from NCSC of Vietnam

CVE-2022-42984

[Description]

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients.

[Vulnerability Type]

SQL Injection

[Vendor of Product]

WoWonder (www.wowonder.com)

[Affected Product Code Base]

WoWonder Social Network Platform - 4.1.4

[Affected Component]

target.website/requests.php?f=search&s=recipients&query=inject_here

[Attack Type]

Remote

[Impact Denial of Service]

True

[Impact Information Disclosure]

True

[Attack Vectors]

Remote attackers can gain access to the database by exploiting a request to "requests.php?f=search&s=recipients" via "query" parameter.

[Reference]

https://github.com/nhiephon/Research
https://www.wowonder.com

[Discoverer]

NXQ, nhiephon from NCSC of Vietnam

2021

CVE-2021-3967

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3967

2020

CVE-2020-13905

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrFanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file hdr. FORMATS!GetPlugInInfo+0x38ed4: 1006f044 8806 mov byte ptr [esi],al ds:002b:0af8f000=??

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted HDR file.

[Reference]

https://github.com/nhiephon/Research/blob/master/README.md
https://www.irfanview.com/plugins.htm

[Discoverer]

Nguyễn Quang and Lưu Minh Trí from NCSC of Vietnam

CVE-2020-13906

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrFanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file hdr. FORMATS!GetPlugInInfo+0x38eb7: 1006f027 8806 mov byte ptr [esi],al ds:002b:0af4f000=??

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted HDR file.

[Reference]

https://github.com/nhiephon/Research/blob/master/README.md
https://www.irfanview.com/plugins.htm

[Discoverer]

TuanDA, HiepHV from NCSC of Vietnam

CVE-2020-23545

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrFanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file xpm. FORMATS!ReadXPM_W+0x531: 10003991 880429 mov byte ptr [ecx+ebp],al ds:002b:0f7ff000=??

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted XPM file.

[Reference]

https://github.com/nhiephon/Research/blob/master/README.md
https://www.irfanview.com/plugins.htm

[Discoverer]

NXQ from NCSC of Vietnam

CVE-2020-23546

[Description]

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

The data from the faulting address is later used to a function call

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file xbm. FORMATS!ReadMosaic+0x981: 10003171 8a91e8110d10 mov dl,byte ptr FORMATS!GetPlugInInfo+0x9b0b8 ds:002b:dcd9deb4=??

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted XBM file.

[Reference]

https://github.com/nhiephon/Research/blob/master/README.md
https://www.irfanview.com/plugins.htm

[Discoverer]

NXQ from NCSC of Vietnam

CVE-2020-23549

[Description]

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6".

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

Denial Of Service, Overflow

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrFanView 32-bit - 4.54

[Affected Component]

FORMATS!GetPlugInInfo+0x47f6: 10039416 8b0a mov ecx, dword ptr [edx] ds:002b:48663000=????????

[Attack Type]

Local

[CVE Impact Other]

Denial of Service

[Attack Vectors]

To exploit vulnerability, someone must open a crafted CR2 file.

[Reference]

https://github.com/nhiephon/Research/blob/master/README.md
https://www.irfanview.com/plugins.htm

[Discoverer]

NPD from NCSC of Vietnam

CVE-2020-23550

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

Irfanview 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file dds. FORMATS!GetPlugInInfo+0x7e82: 1003cb12 8807 mov byte ptr [edi], al ds:002b:0ae3d000=??

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DDS file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23551

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

Irfanview 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file dds. FORMATS!GetPlugInInfo+0x7e30: 1003cac0 89448ffc mov dword ptr [edi+ecx*4-4], eax ds:002b:0af2d000=????????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DDS file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23552

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

Irfanview 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file dds. FORMATS!GetPlugInInfo+0x7e62: 1003caf2 8807 mov byte ptr [edi], al ds:002b:0aebd000=??

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DDS file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23553

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

Irfanview 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file dds. FORMATS!GetPlugInInfo+0x7d33: 1003c9c3 f3a5 rep movs dword ptr es:[edi], dword ptr [esi]

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DDS file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23554

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

Irfanview 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file dds. FORMATS!GetPlugInInfo+0x7e20: 1003cab0 89448ff4 mov dword ptr [edi+ecx*4-0Ch], eax ds:002b:0af1d000=????????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DDS file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23555

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

Irfanview 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file dds. FORMATS!GetPlugInInfo+0x7e6e: 1003cafe 8807 mov byte ptr [edi], al ds:002b:0b03d000=??

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DDS file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23556

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

Irfanview 32-bit - 4.54

[Affected Component]

Plugin Formats.dll read file dds. FORMATS!GetPlugInInfo+0x7e28: 1003cab8 89448ff8 mov dword ptr [edi+ecx*4-8], eax ds:002b:0b0cd000=????????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DDS file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23557

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll version 4.55.4 read file DCR. FORMATS!ShowPlugInSaveOptions_W+0x755d: 10012eed 66891471 mov word ptr [ecx+esi*2],dx ds:002b:0b0a1000=????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DCR file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23558

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll version 4.55.4 read file DCR. FORMATS!ShowPlugInSaveOptions_W+0x7f4b: 100138db 66890c47 mov word ptr [edi+eax*2],cx ds:002b:1bc44e40=????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DCR file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23559

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.

[Additional Information]

Vendor fixed the error in the plugin. Please read "https://www.irfanview.com/plugins.htm"

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll version 4.55.4 read file DCR. FORMATS!ShowPlugInSaveOptions_W+0x7d7f: 1001370f 66891443 mov word ptr [ebx+eax*2],dx ds:002b:0b0e1000=????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DCR file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23560

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab.

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll version 4.55.4 read file DCR. FORMATS!ShowPlugInSaveOptions_W+0x1bcab: 1002763b 6689047e mov word ptr [esi+edi*2],ax ds:002b:4642d000=????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DCR file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

nhiephon from NCSC of Vietnam

CVE-2020-23561

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722.

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll version 4.55.4 read file DCR. FORMATS!ShowPlugInSaveOptions_W+0x5722: 100110b2 6689044a mov word ptr [edx+ecx*2],ax ds:002b:0b0a1000=????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DCR file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

SPT from NCSC of Vietnam

CVE-2020-23562

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe.

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll version 4.55.4 read file DCR. FORMATS!ShowPlugInSaveOptions_W+0xaefe: 1001688e d918 fstp dword ptr [eax] ds:002b:00000000=????????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DCR file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

HuyenNT, KetDV from NCSC of Vietnam

CVE-2020-23563

[Description]

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.

[VulnerabilityType Other]

User mode write access violations

[Vendor of Product]

Irfanview

[Affected Product Code Base]

IrfanView 32-bit - 4.54

[Affected Component]

Plugin Formats.dll version 4.55.4 read file DCR. FORMATS!ShowPlugInSaveOptions_W+0x2cba: 1000e64a 6689044a mov word ptr [edx+ecx*2],ax ds:002b:0b091000=????

[Attack Type]

Local

[CVE Impact Other]

User mode write access violations

[Attack Vectors]

To exploit vulnerability, someone must open a crafted DCR file.

[Reference]

https://github.com/nhiephon/Research
https://www.irfanview.com/plugins.htm

[Discoverer]

LuongNP, ChienTD from NCSC of Vietnam

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published