Lucene search
K

61 matches found

OSV
OSV
added 2024/11/26 12:0 a.m.6 views

CVE-2024-51058

Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...

6.2CVSS6.6AI score0.00816EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.4 views

PT-2024-34506 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF version 6.7.5 Description: A Local File Inclusion LFI issue has been discovered, allowing a user to read arbitrary files from the server's file system through the src tag in an img element, potentially exposing sensitive information...

7.5CVSS6.9AI score0.01325EPSS
Exploits3References25
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.11 views

Fedora 41 : php-tcpdf (2024-b00678c08a)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b00678c08a advisory. Version 6.7.7 2024-10-26 - Update regular expression to avoid ReDoS CVE-2024-22641 - PHP 8.4 Fix: Curl CURLOPTBINARYTRANSFER deprecated 675 - SVG detection f...

7.5CVSS7.4AI score0.01113EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/05/28 8:17 p.m.17 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted SVG file...

7.1AI score0.01113EPSS
Exploits1References1
EUVD
EUVD
added 2024/05/28 8:17 p.m.5 views

EUVD-2024-20174

TCPDF version 6.6.5 and before is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted SVG file...

7.5CVSS7.3AI score0.01113EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.7 views

PT-2024-19517 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions 6.6.5 and earlier Description: The issue arises when parsing an untrusted SVG file, leading to a ReDoS Regular Expression Denial of Service condition. This occurs due to the inefficient handling of regular expressions within th...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References27
OSV
OSV
added 2024/04/19 12:0 a.m.10 views

CVE-2024-22640

TCPDF version =6.6.5 is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted HTML page with a crafted color...

7.5CVSS7.3AI score0.01325EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.6 views

PT-2024-19516 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions = 6.6.5 Description: The issue concerns a ReDoS Regular Expression Denial of Service vulnerability that occurs when parsing an untrusted HTML page with a crafted color. This can lead to a denial of service. Recommendations: For...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References30
UbuntuCve
UbuntuCve
added 2024/04/15 6:15 a.m.44 views

CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax...

6.1CVSS6.3AI score0.00582EPSS
Exploits0References4
OSV
OSV
added 2024/04/15 12:0 a.m.6 views

CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax...

6.1CVSS6.2AI score0.00582EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/04/15 12:0 a.m.24 views

CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax...

6.6AI score0.00582EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.5 views

PT-2024-24611 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.7.4 Description: The issue is related to how TCPDF handles calls that use HTML syntax. This mishandling can potentially lead to security issues. Recommendations: For versions prior to 6.7.4, update to version 6.7.4 o...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References27
OSV
OSV
added 2023/03/30 4:15 p.m.4 views

CVE-2022-30351

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to...

7.5CVSS5.8AI score0.00565EPSS
Exploits0References2
0day.today
0day.today
added 2019/03/25 12:0 a.m.139 views

TCPDF 6.2.19 Deserialization / Remote Code Execution Exploit

TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution. CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it ...

7.5CVSS0.7AI score0.26172EPSS
Exploits7
OSV
OSV
added 2018/09/14 8:29 p.m.18 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS6.8AI score0.26172EPSS
Exploits7References7
Prion
Prion
added 2018/09/14 8:29 p.m.12 views

Deserialization of untrusted data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

7.5CVSS9.3AI score0.26172EPSS
Exploits7References7Affected Software2
NVD
NVD
added 2018/09/14 8:29 p.m.9 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS9.6AI score0.26172EPSS
Exploits7References7
Cvelist
Cvelist
added 2018/09/14 8:0 p.m.37 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.2AI score0.26172EPSS
Exploits7References7
OSV
OSV
added 2017/02/26 10:2 p.m.20 views

MGASA-2017-0067 Updated php-tcpdf packages fix security vulnerability

A local file inclusion vulnerability in TCPDF allows to upload files from the server generating PDF files to an external FTP server CVE-2017-6100. The updated php-tcpdf-6.0.098-1.1.mga5 package fixes this issue by setting KTCPDFCALLSINHTML configuration parameter to false by default...

7.5CVSS7.4AI score0.0146EPSS
Exploits0References2
CNVD
CNVD
added 2017/02/24 12:0 a.m.5 views

TCPDF Local File Inclusion Vulnerability

TCPDF is an open source for generating PDF documents of PHP classes . A local file inclusion vulnerability exists in versions of TCPDF prior to 6.2.0, which stems from the program failing to adequately filter user-submitted input. An attacker could exploit this vulnerability to obtain sensitive...

7.5CVSS7AI score0.0146EPSS
Exploits0References1
Rows per page
Query Builder