5893 matches found
Foxit Reader XFA boundItem Method Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA boundItem event of the Button element, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a lack of validation before...
Foxit Reader TextBox Format Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. A security vulnerability exists in Foxit Reader's handling of TextBox objects, which can be exploited by an attacker to execute arbitrary code in the current process due to a failure to validate the object before performing...
Foxit Reader addAnnot Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the addAnnot method, which can be exploited to execute arbitrary code in the context of the current process, due to a lack of validation before performing operations on objects...
Foxit Reader XFA rlayout sheet remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the layout sheet property, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
Foxit Reader Heap Buffer Overflow Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in BMP graphics parsing, which can be exploited by an attacker to execute arbitrary code in the context of the current process, due to a lack of proper validation of user-supplied data...
Foxit Reader XFA record remove remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA record remove method, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
Foxit Reader XFA subform remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA subform element, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
Blackboard Learn Open Redirect
CVE-2017-18262 Description Since at least the 17th of October 2017 Initial report date Blackboard Learn has allowed Unvalidated Redirects on any signed in user through its endpoints for handling Shibboleth logins. The vulnerable endpoint is:...
apr: Out-of-bounds array deref in apr_time_exp*() functions
An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...
GHSA-JP4X-W63M-7WGM Prototype Pollution in hoek
Versions of hoek prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution. The merge function, and the applyToDefaults and applyToDefaultsWithShallow functions which leverage merge behind the scenes, are vulnerable to a prototype pollution attack when provided an unvalidated payload created...
AXIS M1033-W Code Execution Vulnerability (CNVD-2018-09671)
AXIS P1354 is a network camera product from Axis Sweden. AXIS P1354 with firmware version 5.90.1.1 has a security vulnerability that originates from uploading a web page without checking the file type. A remote attacker can exploit this vulnerability to upload a webshell and execute code...
LibreOffice Denial of Service Vulnerability (CNVD-2018-09031)
LibreOffice is a free and open source office software suite developed by The Document Foundation TDF. The suite consists of Writer text documents, Calc spreadsheets and Impress presentations and other applications. A security vulnerability exists in the 'SwCTBWrapper::Read' function in the...
WordPress Redirection Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions prior to 4.9.5, which is caused by the program failing ...
Red Hat OpenShift Enterprise HTML Injection Vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. An HTML injection vulnerability exists in Red Hat OpenShift Enterprise. The...
Drupal avatar_uploader arbitrary file download vulnerability
avataruploader is the module used to implement the function of uploading user images in a content management system maintained by the Drupal community. A security vulnerability exists in avataruploader version 7.x-1.0-beta8, which is caused by code in the view.php file that fails to validate user...
CVE-2018-6873
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...
Systematic SitAware - NVG Denial of Service Exploit
Exploit for multiple platform in category dos / poc Exploit Title: SitAware NVG Denial of Service Date: 03/31/2018 Exploit Author: 2u53 Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/ Version: 6.4 SP2 Tested on: Windows Server 2012 R2 CVE: CVE-2018-9115 Remarks: PoC needs...
CVE-2018-9049
In Windows Master aka Windows Optimization Master 7.99.13.604, the driver file WoptiHWDetect.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833...
CVE-2018-9052
In Windows Master aka Windows Optimization Master 7.99.13.604, the driver file WoptiHWDetect.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c...
CVE-2018-9040
In Advanced SystemCare Ultimate 11.0.1.58, the driver file Monitorwin10x64.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4...