49 matches found

Tenable Nessus
added 2025/08/22 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear t...

CVSS 7.8 | AI score 7.4 | EPSS 0.0068
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m., 6 views

Foxit PDF Editor < 2025.2 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2025.2. It is, therefore, affected by multiple vulnerabilities: - A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of ...

CVSS 8.8 | AI score 8 | EPSS 0.00539
Exploits: 1 | References: 10

RedhatCVE
added 2025/05/22 12:6 p.m., 3 views

CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document...

CVSS 4.3 | AI score 5.7 | EPSS 0.00418
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 6:4 a.m., 1 view

SUSE CVE-2009-1492

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...

CVSS 9.3 | AI score 7.7 | EPSS 0.68063
Exploits: 5 | References: 5

SUSE CVE
added 2023/02/15 5:54 a.m., 3 views

SUSE CVE-2011-0627

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft...

CVSS 9.3 | AI score 7.9 | EPSS 0.0786
Exploits: 1 | References: 4

BDU FSTEC
added 2022/07/06 12:0 a.m., 2 views

The vulnerability in the implementation of the util.printf() function allows attackers to execute arbitrary code in PDF viewer and editor applications like Adobe Reader and Adobe Acrobat.

The vulnerability of the util.printf function in PDF viewing and editing applications like Adobe Reader and Adobe Acrobat arises from the execution of operations outside of the buffer in memory, due to improper parameter checking. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 9.6 | AI score 8.4 | EPSS 0.93738
Exploits: 19 | References: 26 | Affected Software: 4

GithubExploit
added 2022/05/31 6:45 a.m., 419 views

Exploit for CVE-2022-30190

CVE-2022-30190 CVE-2022-30190 Follina POC Host exploit.html...

CVSS 9.3 | AI score 8.5 | EPSS 0.93596
Exploits: 61

Gitee
added 2021/11/06 3:51 a.m., 4 views

Exploit for Path Traversal in Microsoft

This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...

CVSS 8.8 | AI score 7.9 | EPSS 0.94332
Exploits: 38

Huntr
added 2021/10/11 8:28 p.m., 7 views

Cross-site Scripting (XSS) - Stored in siwapp/siwapp

Description: Stored Cross-Site Scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document's content. Proof ...

AI score 5
Exploits: 0 | References: 1

BDU FSTEC
added 2020/09/17 12:0 a.m., 1 view

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2015, and Adobe Acrobat Reader 2015 are related to memory usage after it is freed. This allows attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 is related to the use of memory after it is freed. Exploiting this vulnerability can...

CVSS 9.3 | AI score 7.9 | EPSS 0.03517
Exploits: 0 | References: 3

CNVD
added 2020/03/09 12:0 a.m., 2 views

Nitro Pro Heap Memory Corruption Vulnerability (CNVD-2020-16096)

Nitro Pro is a desktop product with full PDF creation and editing capabilities. A heap memory corruption vulnerability exists in npdf.dll in versions prior to Nitro Pro 13.13.2.242. An attacker can exploit this vulnerability via a specially crafted PDF document to cause heap corruption to occur a...

CVSS 8.1 | AI score 6.9 | EPSS 0.0002
Exploits: 1 | References: 1

Circl
added 2018/11/14 5:39 p.m., 22 views

CVE-2018-8584

creationtimestamp | type | source
---|---|---
2018-11-14 17:39:01+00:00 | seen | MISP/5bec5b59-b2b0-4506-9c63-32a40a021402
2019-01-09 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/46104...

CVSS 7.8 | AI score 6.9 | EPSS 0.04499
Exploits: 2 | References: 1

OSV
added 2018/10/18 6:29 a.m., 1 view

DEBIAN-CVE-2018-18454

CCITTFaxStream::readRow in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 5.5 | AI score 6.9 | EPSS 0.00526
Exploits: 0 | References: 1

BDU FSTEC
added 2018/09/14 12:0 a.m., 3 views

The vulnerability of the Win32k component in Windows operating systems, which allows a hacker to execute arbitrary code

The vulnerability of the Win32k component in Windows operating systems is related to errors in processing embedded fonts. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page or document...

CVSS 10 | AI score 8.2 | EPSS 0.36001
Exploits: 0 | References: 4

Malwarebytes
added 2018/05/10 7:58 p.m., 2863 views

Internet Explorer zero-day: browser is once again under attack

Update 2018-05-25: CVE-2018-8174 has been added to the RIG exploit kit MDNC. Update 2018-05-22: Security researcher Richard Warren mentioned that a fully working IE zero-day now patched with payload was uploaded to VirusTotal. We decided to test Malwarebytes against it, since last time we only ha...

CVSS 9.3 | AI score 8.3 | EPSS 0.94302
Exploits: 48

OSV
added 2018/04/24 7:29 p.m., 2 views

CVE-2016-8382

An exploitable heap corruption vulnerability exists in the DocSetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability...

CVSS 8.8 | AI score 6 | EPSS 0.0067
Exploits: 2 | References: 1

Circl
added 2017/12/11 12:0 a.m., 10 views

CVE-2017-17629

creationtimestamp | type | source
---|---|---
2017-12-11 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/43287...

CVSS 9.8 | AI score 7 | EPSS 0.02512
Exploits: 1 | References: 1

Check Point Advisories
added 2017/07/10 12:0 a.m., 6 views

Microsoft Graphics Component Information Disclosure (CVE-2017-0283)

An information disclosure vulnerability exists in Microsoft Graphics Component. The vulnerability is due to improper handling of objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker could convince a user ...

CVSS 9.3 | AI score 7.5 | EPSS 0.56001
Exploits: 2

Talos Blog
added 2017/05/23 6:5 a.m., 209 views

Modified Zyklon and plugins from India

Introduction: Streams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots. It is however often more interesting to analyze campaigns...

CVSS 9.3 | AI score 7.9 | EPSS 0.92451
Exploits: 8

BDU FSTEC
added 2017/03/31 12:0 a.m., 4 views

The vulnerability of the Windows operating system, which allows a perpetrator to trigger a service failure

The vulnerability of the Windows operating system is related to the lack of access control. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted Office document...

CVSS 2.9 | AI score 6.2 | EPSS 0.00514
Exploits: 0 | References: 3