Loginsoft has dedicated a team of engineers to discover vulnerabilities in various open source web applications. We are proud and elated to share that all our research findings have been accepted and acknowledged by the vendors. The following is a list of the vulnerabilities uncovered by our research team.

Vulnerability Reports

CVE-2019-6990: Multiple Vulnerabilities identified in ZoneMinder

Loginsoft-2019-1038, February 11, 2019. About Package: ZoneMinder is an open source surveillance software system provider which stands best in delivering the high standard state of art surveillance cameras and other...

CVE-2019-7172: Vulnerability discovered in the package ATutor

Loginsoft-2019-1035, February 11, 2019. CVE Number: CVE-2019-7172. CWE: CWE-79. Product Details: ATutor is an open source web based online learning system which is mainly used to design, develop and deliver the online courses....

CVE-2018-18407: Heap overflow in csum_replace4() – tcpreplay 4.3

Loginsoft-2018-18407, November 2, 2018. CVE Number: CVE-2018-18407. CWE: CWE-122: Heap-based Buffer Overflow. Product Details: Tcpreplay is a suite of free Open Source utilities for editing and replaying previously captured...

Bug Reports

Buffer overflow vulnerability in PS_options() – gnuplot 5.2.5

Loginsoft-2018-17974, November 2, 2018. CWE: CWE-120: Classic Buffer Overflow. Product Details: Gnuplot is a portable command-line driven graphing utility. URL: https://sourceforge.net/projects/gnuplot/...

Null pointer dereference vulnerability in main() – giflib 5.1.4

October 30, 2018. CVE Number: -. CWE: CWE-476: NULL Pointer Dereference. Product Details: A program to modify GIF image colormaps. Any local colormap in a GIF file can be modified at a time, or the global...

Unrestricted resource consumption in WildMIDI 0.4.3

Loginsoft-2018-1008, September 13, 2018. CWE: CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion'). Product Details: WildMIDI is a simple software midi player which has a core softsynth library that can be...

Denial of service in VCFtools 0.1.16

Loginsoft-2018-1007, August 29, 2018. CWE: CWE-20: Improper Input Validation. Product Details: VCFtools is a suite of functions for use on genetic variation data in the form of VCF and BCF files. The tools provided will be used mainly...