58 matches found

wpexploit
added 2024/04/18 12:0 a.m., 137 views

Save as PDF < 3.2.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 1. On the "Settings Save as PDF Basic...

AI score 5.7, EPSS 0.00198
Exploits 2

OSV
added 2023/05/11 9:15 p.m., 0 views

UBUNTU-CVE-2023-2662

In Xpdf 4.04 and earlier, a bad color space object in the input PDF file can cause a divide-by-zero...

CVSS 5.5, AI score 6.8, EPSS 0.00034
Exploits 1, References 3

wpexploit
added 2023/01/11 12:0 a.m., 119 views

Send PDF for Contact Form 7 < 0.9.9.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 5.4, AI score 0.3, EPSS 0.00252
Exploits 2

OSV
added 2022/09/26 4:15 p.m., 1 views

DEBIAN-CVE-2022-3198

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

CVSS 8.8, AI score 8.2, EPSS 0.00738
Exploits 0, References 1

Prion
added 2022/09/26 4:15 p.m., 33 views

Design/Logic Flaw

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

CVSS 6.8, AI score 8.8, EPSS 0.00738
Exploits 0, References 4, Affected Software 2

GithubExploit
added 2021/12/02 6:30 p.m., 823 views

Exploit for Out-of-bounds Write in Adobe Acrobat

CVE-2021-21086 Exploit This exploit allows to execute a shellc...

CVSS 7.8, AI score 8.3, EPSS 0.18603
Exploits 1

CNVD
added 2021/02/22 12:0 a.m., 6 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-15498)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox. The vulnerability stems from the fact that if a user clicks on a specially crafted PDF, it may obfuscate the leak of cross-domain...

CVSS 4.3, AI score 6, EPSS 0.00296
Exploits 0, References 1

0day.today
added 2021/01/03 12:0 a.m., 724 views

Adobe Acrobat Reader Silent PDF Exploit 0day

0day PDF Exploit. All Chrome, Edge, Opera, Firefox, Microsoft Internet Explorer, Yandex, tested. Running smoothly Latest version. Adobe Acrobat Reader Works Seamlessly with All Versions of DC Latest version. Windows 7, Windows 8, Windows 8.1, Windows 10 Tested Works in the latest versions. All Ma...

AI score 1.8
Exploits 0

OSV
added 2020/07/22 5:15 p.m., 1 views

DEBIAN-CVE-2020-6513

Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

CVSS 8.8, AI score 8.8, EPSS 0.01712
Exploits 0, References 1

The Hacker News
added 2019/01/04 8:13 a.m., 2 views

Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

I hope you had biggest, happiest and craziest New Year celebration, but now it's time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two...

CVSS 10, AI score 9.7, EPSS 0.0221
Exploits 0

The Hacker News
added 2018/07/02 6:28 p.m., 369 views

Two Zero-Day Exploits Found After Someone Uploaded 'Unarmed' PoC to VirusTotal

Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild. In late March, researchers at ESET found a...

CVSS 8.8, AI score 8.7, EPSS 0.94157
Exploits 18

Microsoft Secure
added 2018/07/02 3:0 p.m., 528 views

Taking apart a double zero-day sample discovered in joint hunt with ESET

In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherepanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was...

CVSS 7.2, AI score 8.5, EPSS 0.94157
Exploits 18

OSV
added 2018/03/14 3:29 a.m., 1 views

CVE-2018-8103

The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service heap-based buffer over-read and application crash via a specific pdf file, as demonstrated by pdftohtml...

CVSS 5.5, AI score 6.8
Exploits 0, References 1

OSV
added 2018/02/09 11:29 p.m., 1 views

DEBIAN-CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appears to be exploitable via Victim opens a specially crafted PDF...

CVSS 7.8, AI score 7.7, EPSS 0.0068
Exploits 1, References 1

CNVD
added 2018/01/25 12:0 a.m., 1 views

Artifex MuPDF heap buffer overflow vulnerability (CNVD-2018-03220)

Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A heap buffer overflow vulnerability exists in the 'do_pdf_save_document' function in the pdf/pdf-write.c file in Artifex MuPDF version 1.12.0. A remote attacker can exploit this vulnerability to cause a denial of service with th...

CVSS 5.5, AI score 7.2, EPSS 0.00219
Exploits 1, References 1

Exploit DB
added 2017/08/21 12:0 a.m., 37 views

PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta Contact: [email protected] Website:...

AI score 7.4
Exploits 0

NVD
added 2017/04/02 1:59 a.m., 14 views

CVE-2017-2404

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016...

CVSS 7.5, AI score 6.5, EPSS 0.00531
Exploits 0, References 4

ThreatPost
added 2016/06/09 1:46 p.m., 27 views

Google Patches High Severity Browser PDF Exploit

A high-severity vulnerability in Google’s Chrome browser that allows attackers to execute code on targeted systems via a PDF exploit has been patched by Google. Researchers at Cisco said users were at risk if they were enticed to view a specially crafted PDF document with an embedded jpeg2000 ima...

CVSS 6.8, AI score 8.7, EPSS 0.01418
Exploits 1, References 6

CNVD
added 2016/03/22 12:0 a.m., 1 views

Apple iOS FontParser Memory Corruption Vulnerability

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. The previous version of iOS 9.3 had a security vulnerability in the implementation of FontParser that allowed an attacker to utilize the building to maliciously...

CVSS 9.3, AI score 8.9, EPSS 0.01785
Exploits 0, References 1

CNVD
added 2015/10/15 12:0 a.m., 1 views

Adobe Acrobat/Reader Memory Misreference Vulnerability (CNVD-2015-06698)

Adobe Reader/Acrobat is a popular application for working with PDF files. A memory misreference vulnerability exists in Adobe Reader/Acrobat. This allows an attacker to construct a malicious PDF file and trick the user into parsing it, which could crash the application or execute arbitrary code...

CVSS 10, AI score 7.3, EPSS 0.02518
Exploits 0, References 1