326 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-1590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows...
Linux Distros Unpatched Vulnerability : CVE-2010-3773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not...
CVE-2022-31094
ScratchTools is a web extension designed to make interacting with the Scratch programming language community Scratching easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The iss...
CVE-2024-25938
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2024-28888
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...
CVE-2024-49576
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...
Foxit Reader 3D Page Object Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2094 Foxit Reader 3D Page Object Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-47810 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside...
Exploit for CVE-2024-38998
PPCVE-2024-38998 Uma vulnerabilidade CVE-2024-38998 foi ide...
Openfind Mail2000 Security Vulnerability
Openfind Mail2000 is a web-based email system from China Netrock Information Openfind. A security vulnerability exists in Openfind Mail2000 that originates from allowing bypassing the HttpOnly flag, which allows an unauthenticated, remote attacker to obtain a session cookie with the HttpOnly flag...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
Detect CVE-2024-4367 Quick-and-dirty YARA detection rule for...
CVE-2023-40473
PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-42073
PDF-XChange Editor is affected by a Doc Object Out-Of-Bounds Read Information Disclosure vulnerability. The flaw occurs in how Doc objects are handled; via JavaScript actions, an attacker can read past the end of an allocated object, potentially disclosing sensitive information. Some sources note...
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. 1. Add a new shortened link in the interface...
PT-2023-18871 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.6.7 Description: The issue allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora's main window via loading typora://app/typemark/updater/update.html in an tag. This can be exploite...
Foxit Reader Resource Management Error Vulnerability (CNVD-2023-61388)
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A security vulnerability exists in Foxit Reader version 12.1.2.15332, which can be exploited by an attacker to cause memory corruption and arbitrary code execution, due to a specially crafted Javascript code in a malicious PDF...
CVE-2022-37383
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-37366
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
CVE-2022-37349
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm...
CVE-2022-37350
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
CVE-2022-37376
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...