113 matches found
CVE-2019-6762
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-8853
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
[SECURITY] Fedora 41 Update: ghostscript-10.03.1-4.fc41
This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...
Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings Save as Image" 2...
Denial Of Service (DoS)
ghostscript is vulnerable to Denial Of Service DoS. The vulnerability exists due to the integer overflow in the plglyphname of plfont.c, which allows an attacker to cause an application by transforming a maliciously crafted PCL file to PDF format...
Code injection
Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI dangerzone-cli command logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is...
CVE-2023-39342 Dangerzone CLI does not sanitize ANSI escape characters
Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI dangerzone-cli command logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is...
Artifex Software Ghostscript Input Validation Error Vulnerability
Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-Postscrip...
CVE-2023-37290 InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF)
InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows...
InfoDoc Document On-line Submission and Approval System 代码问题漏洞
The InfoDoc Document On-line Submission and Approval System is an online submission and approval system for documents from InfoDoc, Inc. The InfoDoc Document On-line Submission and Approval System is vulnerable to a code issue that originates from a Server Request Forgery SSRF vulnerability in th...
Orangescrum cross-site scripting vulnerability (CNVD-2026-02680)
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum cross-site scripting vulnerability, the vulnerability stems from the application does not properly validate the HTML content to be converted t...
CVE-2023-1783
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2023-1783
OrangeScrum 2.0.11 is vulnerable to a flaw in HTML-to-PDF rendering that allows an external attacker to remotely obtain AWS instance credentials. The root cause is improper validation of HTML content during PDF conversion, leading to credentials leakage (impacting confidentiality). The most expli...
PT-2023-17241 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
Out-of-bounds read vulnerability in multiple Adobe products (CNVD-2022-43383)
Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Multiple Adobe products have out-of-bounds read vulnerabilities that can be exploited by an attacker to execute arbitrary code in the...
Antenna House Office Server Document Converter 代码问题漏洞
Antenna House Office Server Document Converter Osdc is an office server document converter from Antenna House USA. It is used to batch convert Word, Excel and Powerpoint into high quality Pdf or image formats that are easy to share and look accurate on any screen. A code issue vulnerability exist...
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...
CVE-2020-14160
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...
Server side request forgery (ssrf)
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...