480 matches found
Foxit Reader Code Execution Vulnerability (CNVD-2023-96089)
Foxit Reader is a PDF document reader from the Chinese company Foxit. A code execution vulnerability exists in Foxit Reader prior to version 12.1.3.15356 due to a flaw in the JavaScript saveAs API. An attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2023-35985
An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. ...
CVE-2023-40194
An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...
Foxit PDF Editor < 2023.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2023.3. It is, therefore, affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D...
Information disclosure
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider, which also doubles as a generic JavaScript API for search results in XWiki, exposes the content of all documents of all wiki...
CVE-2023-48241
XWiki Platform contains an information-disclosure flaw in the Solr-based search suggestion service. From CVE-2023-48241 and connected data, the vulnerability affects XWiki Platform versions starting at 6.3-milestone-2 up to but not including fixed releases: 14.10.15, 15.5.1, and 15.6RC1. The Solr...
(Pwn2Own) Adobe Acrobat Reader DC Protected API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL
Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome's Web Graphics Library (WebGL). Google Chrome is a cross-platform web browser, and Chromium is the open-source version of the browser that both Google and other software developers use as the basis to buil...
CVE-2023-21514
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute the JavaScript API to install an APK from Galaxy Store...
CVE-2023-21515
A vulnerable script included in InstantPlay, which could execute JavaScript in Galaxy Store prior to version 4.5.49.8, allows attackers to execute the JavaScript API to install an APK from Galaxy Store...
CVE-2023-21516
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute the JavaScript API to install an APK from Galaxy Store...
Cross site scripting
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute the JavaScript API to install an APK from Galaxy Store...
CVE-2023-21516
CVE-2023-21516 concerns Samsung Galaxy Store’s InstantPlay feature. Multiple connected sources confirm an XSS vulnerability in Galaxy Store versions prior to 4.5.49.8, allowing an attacker to use the JavaScript API to install APKs from Galaxy Store. The issue is rooted in InstantPlay and exposes ...
CVE-2023-21514
The CVE-2023-21514 entries describe an improper scheme validation vulnerability in Galaxy Store’s InstantPlay Deeplink prior to version 4.5.49.8. The underlying flaw allows an attacker to trigger a JavaScript API to install an APK from Galaxy Store, with impact described as high for confidentiali...
PT-2023-18271 · Samsung · Galaxy Store
Name of the Vulnerable Software and Affected Versions: Galaxy Store versions prior to 4.5.49.8
Description: The issue allows attackers to execute the JavaScript API to install an APK from Galaxy Store due to a vulnerable script in InstantPlay. This script can execute JavaScript in Galaxy Store, enabling...