156 matches found
Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1 - Install and activate "Generate PDF using Contact Form 7 Version 3.5" 2 - Click on "Contact - Add new...
U.S. Dept Of Defense: SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS]
Summary: I found that it is possible to inject a javascript payload during the PDF form creation process, which is then executed by the checklist application server. Vulnerable Software: Functional Administrative Support Tool FAST v1.0 Intro: ██████████ Administrative clerks create a dynamic acti...
CVE-2022-1067
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting...
Authentication flaw
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting...
CVE-2022-1067
The CVE-2022-1067 issue affects LifePoint Informatics Patient Portal (Product: LifePoint Informatics Patient Portal; Affected Version: LPI 3.5.12.P30). It is an Authentication Bypass using an alternate path or channel (CWE-288) where navigating to a URL with a patient ID causes the server to gene...
CVE-2022-1067 ICSMA-22-095-01 LifePoint Informatics Patient Portal
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting...
CVE-2021-42560
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks e.g., File Exfiltration, Server Side Request Forgery, Out of Band...
Caldera 代码问题漏洞
Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. A code issue exists in Caldera where the Debrief plug-in receives base64-encoded "SVG" parameters that are parsed incorrectly when the product...
CVE-2020-24815
A Server-Side Request Forgery SSRF affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a...
CVE-2020-24815
A Server-Side Request Forgery SSRF affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a...
CVE-2020-24815
CVE-2020-24815 describes a Server-Side Request Forgery (SSRF) in MicroStrategy’s PDF generation. Affected products are MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2. The vulnerability allows an authenticated user to access internal network resources or leak files from the loc...
PT-2020-15840
Name of the Vulnerable Software and Affected Versions MicroStrategy versions 10.4, 2019 before Update 6, and 2020 before Update 2 Description A Server-Side Request Forgery SSRF issue affects the PDF generation, allowing authenticated users to access internal network resources or leak local system...
CVE-2020-8509
Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure...
python security update
CentOS Errata and Security Advisory CESA-2020:0195 An update for python-reportlab is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: python-reportlab security update
An update for python-reportlab is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
h1-ctf: [h1-415 2020] H1-415 CTF Writeup by W--
H1-415 CTF Writeup Intro HackerOne kicked off this year's H1-415 CTF with the following tweet: F692033 Loading the target challenge website shows that the website is called My Docz Converter. A quick look at the challenge website shows that it allows users to register an account and then upload a...
h1-ctf: [h1-415 2020] finally
add or chars behind Joberts email, which leaks on the login page 2. register a new account using that email 3. sign out and use the recover feature with the just generated qr code. this will get you into Joberts account 3. head to /support and submit a blind XSS payload which extracts the...
U.S. Dept Of Defense: Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System
Summary: The test/integration API of the █████ web services is publicly exposed: disclosing documents, emails, and credentials to what appears to be the Seaport Bid proposal system. Because I did not attempt any exploitation outside of that necessary to deem this a reportable issue, it is not cle...
CVE-2019-1000031
A disk space or quota exhaustion issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in...