Henri Salo

icon indicating an email [email protected]

icon company Nixu Corporation icon location Finland

Results 58 comments of Henri Salo

Exiv2 RoadMap

Thank you Robin Mills for all your efforts towards better open-source software. It was a pleasure to cooperate with you :+1:

GetSimpleCMS v3.3.13 allows CSRF to change the administrator account's password. in admin/settings.php

CVE-2018-17103 has been assigned for this issue.

Apple Login doesn’t work because of Content security policy?

I can confirm that this issue is still open with 78.8.0esr (64-bit) and d6ce4ebf9e30e846b9e383384f7a20d121fb4030 with error "The loading of “https://idmsa.apple.com/..snip..” in a frame is denied by “X-Frame-Options“ directive set to...

heap-buffer-overflow (READ of size 1) in prelexer.hpp

Reproduced.

heap-buffer-overflow (READ of size 1) in lexer.hpp

Reproduced.

Heap overflow in heif_colorconversion.cc:2263

CVE-2020-23109 has been assigned for this issue.

Segmentation faults in rrdtool info command

@oetiker that is probably the case. If/when you implement fixes I'm more than happy to help continuing the fuzzing to improve the quality of the tool. :)

Backup certain conf files: consistent file extension (.bak, .old, .original, etc.)

etckeeper might be useful

There is two CSRF vulnerability that can delete user or usergroup

Please use https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19291 for this vulnerability.

There is one SSRF vulnerability that can get some sensitive information

CVE-2020-20582 has been assigned for this vulnerability.