154 matches found
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site scripting vulnerability exists in xwiki-platform-web versions 2.2.1 through 14.4.8, xwiki-platform-web-templates versions prior to 14.4.8, 14.5 through 14.10.5...
PT-2023-5495 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) lies in the use of dangerous methods or functions, allowing a perpetrator to execute arbitrary code.
The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow an attacker to execute arbitrar...
PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing documents in PDF format from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor, which is caused by a buffer overflow problem in the handling of Doc objects...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve reading data beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow attackers to gai...
PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in PDF-XChange Editor that originates from a problem with the parsing of certain PDF files...
PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor that stems from problems parsing certain PDF files...
Tracker Software PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in Tracker Software PDF-XChange Editor that stems from a problem with the parsing of certain U3D files...
PDF-XChange Editor 缓冲区错误漏洞
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor that stems from problems parsing certain JP2 files...
CVE-2021-43446
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting XSS. The "macros" feature of the document editor allows malicious cross site scripting payloads to be used...
CVE-2021-43449
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery SSRF. The document editor service can be abused to read and serve arbitrary URLs as a document...
CVE-2021-43447
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication...
CVE-2021-43446
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting XSS. The "macros" feature of the document editor allows malicious cross site scripting payloads to be used...
Cross site scripting
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting XSS. The "macros" feature of the document editor allows malicious cross site scripting payloads to be used...
Server side request forgery (ssrf)
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery SSRF. The document editor service can be abused to read and serve arbitrary URLs as a document...
Authentication flaw
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication...
ONLYOFFICE 跨站脚本漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from vulnerability to cross-site scripting XSS attacks. The "macros" feature of the document editor allows the use of malicio...
CVE-2021-43449
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery SSRF. The document editor service can be abused to read and serve arbitrary URLs as a document...
CVE-2021-43445
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...
PT-2023-12450 · Unknown · Onlyoffice
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE versions prior to the version released after 2021-11-08 Description: The issue concerns a Cross Site Scripting XSS problem. The "macros" feature of the document editor in ONLYOFFICE allows malicious cross site scripting payloads to...