
251 matches found

CVE
added 2024/01/16 9:41 p.m. · 50 views

CVE-2024-20930

Oracle Outside In Technology in Oracle Fusion Middleware (Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK) is affected in version 8.5.6. The vulnerability is remotely exploitable over HTTP by a low-privileged attacker, enabling unauthorized update, insert/delete, and read ac...

6.3 CVSS · 5.9 AI score · 0.00366 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/01/16 12:0 a.m. · 6 views

PT-2024-1221 · Oracle · Oracle Outside In Technology

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.6
Description: The issue exists due to insufficient input validation in the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology. This...

6.5 CVSS · 6.1 AI score · 0.00366 EPSS
Exploits 0 · References 8
ATTACKERKB
added 2023/11/07 10:15 p.m. · 8 views

CVE-2023-42361

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...

7.8 CVSS · 5.9 AI score · 0.00928 EPSS
Exploits 0 · References 4
OSV
added 2023/11/07 10:15 p.m. · 4 views

CVE-2023-42361

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...

7.8 CVSS · 5.9 AI score · 0.00928 EPSS
Exploits 0 · References 3
NVD
added 2023/11/07 10:15 p.m. · 18 views

CVE-2023-42361

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...

7.8 CVSS · 0.00928 EPSS
Exploits 0 · References 3
Prion
added 2023/11/07 10:15 p.m. · 15 views

Remote file inclusion

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...

4.4 CVSS · 7.1 AI score · 0.00928 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/11/07 12:0 a.m. · 20 views

CVE-2023-42361

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...

7.8 AI score · 0.00928 EPSS
Exploits 0 · References 3
CVE
added 2023/11/07 12:0 a.m. · 55 views

CVE-2023-42361

CVE-2023-42361 affects the Midori-global Better PDF Exporter for Jira Server/Data Center (versions 10.3.0 and earlier). The root cause is an insufficient validation pathway in the PDF export flow that can be exploited via a crafted image during export, enabling a Local File Inclusion and potentia...

7.8 CVSS · 7.5 AI score · 0.00928 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/11/07 12:0 a.m. · 14 views

CVE-2023-42361

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export...

7 AI score · 0.00928 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2023/10/24 12:0 a.m. · 4 views

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit SDK exist due to insufficient testing of input data. Exploiting these vulnerabilities can allow attackers to compromise the...

6.5 CVSS · 6.6 AI score · 0.00367 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/10/17 10:15 p.m. · 4 views

CVE-2023-22127

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3 CVSS · 5.8 AI score · 0.00367 EPSS
Exploits 0 · References 1
CVE
added 2023/10/17 9:3 p.m. · 58 views

CVE-2023-22127

CVE-2023-22127 affects Oracle Outside In Technology (Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK) in Oracle Fusion Middleware, specifically version 8.5.6. The vulnerability allows a low-privileged, network-accessible attacker over HTTP to read data, perform unauthori...

6.3 CVSS · 5.9 AI score · 0.00367 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/10/10 3:15 a.m. · 3 views

CVE-2020-18336

Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function...

7.4 CVSS · 5.8 AI score · 0.00573 EPSS
Exploits 1 · References 1
CVE
added 2023/10/10 12:0 a.m. · 45 views

CVE-2020-18336

CVE-2020-18336 is an XSS vulnerability in Typora v0.9.65, allowing a remote attacker to obtain sensitive information via the PDF export function. The NVD entry assigns CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (base score 7.4). Connected documents consistently describe Typora 0.9.65 as vulne...

7.4 CVSS · 6.7 AI score · 0.00573 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/10/10 12:0 a.m. · 23 views

CVE-2020-18336

Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function...

6.8 AI score · 0.00573 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/09/21 12:0 a.m. · 5 views

PT-2024-24333 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0.1 through 4.10.19; XWiki Platform versions 14.10.19 and earlier; XWiki Platform versions 15.5.3 and earlier; XWiki Platform versions prior to 15.10-rc-1
Description: XWiki Platform is a generic wiki platform. Remote...

9.9 CVSS · 7.8 AI score · 0.01447 EPSS
Exploits 1 · References 15
Hacker One
added 2023/08/24 3:19 p.m. · 30 views

HackerOne: Names not completely redacted despite "Redact the names of the involved users" is selected

An edge case was discovered in the Export PDF function where names ending with a . were not properly redacted despite selecting the "Redact the names of the involved users" option. The vulnerability allowed for the disclosure of sensitive information...

6.9 AI score
Exploits 0
Atlassian
added 2023/03/01 6:16 a.m. · 31 views

While performing the custom PDF export for Page/s, breaks page titles with umlaut letters.

h3. Issue Summary
While performing the custom PDF export for Page/s, breaks page titles with umlaut letters. Issue is reproducible on Latest LTS 7.19.4 and Latest release 8.1.0
This is reproducible on Data Center: yes
h3. Steps to Reproduce
Setup the Confluence DC setup. sandbox as separate proce...

1.2 AI score
Exploits 0
Github Security Blog
added 2023/02/02 7:26 p.m. · 28 views

wallabag contains Improper Authorization via export feature

Description: The export feature lets a user export a single entry or a set of entries in a given format, e.g. PDF, MOBI, TXT. For example, https://yourinstance.wallabag.org/export/45.pdf will export the entry with id 45 in PDF format. Since wallabag 2.0.0-alpha.1, this feature is vulnerable to an...

6.5 CVSS · 4.7 AI score · 0.00637 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/11/30 2:15 p.m. · 2 views

CVE-2022-38802

Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...

6.2 CVSS · 5.8 AI score · 0.00639 EPSS
Exploits 1 · References 2