Lucene search
K

5893 matches found

CNVD
CNVD
added 2018/04/28 12:0 a.m.4 views

Foxit Reader XFA boundItem Method Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA boundItem event of the Button element, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a lack of validation before...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.4 views

Foxit Reader TextBox Format Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. A security vulnerability exists in Foxit Reader's handling of TextBox objects, which can be exploited by an attacker to execute arbitrary code in the current process due to a failure to validate the object before performing...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.3 views

Foxit Reader addAnnot Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the addAnnot method, which can be exploited to execute arbitrary code in the context of the current process, due to a lack of validation before performing operations on objects...

8.8CVSS7.8AI score0.02773EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.2 views

Foxit Reader XFA rlayout sheet remote code execution vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the layout sheet property, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.3 views

Foxit Reader Heap Buffer Overflow Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in BMP graphics parsing, which can be exploited by an attacker to execute arbitrary code in the context of the current process, due to a lack of proper validation of user-supplied data...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.4 views

Foxit Reader XFA record remove remote code execution vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA record remove method, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.7 views

Foxit Reader XFA subform remote code execution vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA subform element, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2018/04/27 12:0 a.m.35 views

Blackboard Learn Open Redirect

CVE-2017-18262 Description Since at least the 17th of October 2017 Initial report date Blackboard Learn has allowed Unvalidated Redirects on any signed in user through its endpoints for handling Shibboleth logins. The vulnerable endpoint is:...

6.4AI score0.01469EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2018/04/26 9:3 p.m.5 views

apr: Out-of-bounds array deref in apr_time_exp*() functions

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...

7.1CVSS7.3AI score0.01749EPSS
Exploits0References5
OSV
OSV
added 2018/04/26 3:25 p.m.3 views

GHSA-JP4X-W63M-7WGM Prototype Pollution in hoek

Versions of hoek prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution. The merge function, and the applyToDefaults and applyToDefaultsWithShallow functions which leverage merge behind the scenes, are vulnerable to a prototype pollution attack when provided an unvalidated payload created...

8.8CVSS7.2AI score0.04307EPSS
Exploits1References9
CNVD
CNVD
added 2018/04/20 12:0 a.m.3 views

AXIS M1033-W Code Execution Vulnerability (CNVD-2018-09671)

AXIS P1354 is a network camera product from Axis Sweden. AXIS P1354 with firmware version 5.90.1.1 has a security vulnerability that originates from uploading a web page without checking the file type. A remote attacker can exploit this vulnerability to upload a webshell and execute code...

7.6CVSS7.3AI score0.03944EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/16 12:0 a.m.4 views

LibreOffice Denial of Service Vulnerability (CNVD-2018-09031)

LibreOffice is a free and open source office software suite developed by The Document Foundation TDF. The suite consists of Writer text documents, Calc spreadsheets and Impress presentations and other applications. A security vulnerability exists in the 'SwCTBWrapper::Read' function in the...

7.8CVSS6.9AI score0.02134EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/13 12:0 a.m.6 views

WordPress Redirection Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions prior to 4.9.5, which is caused by the program failing ...

6.1CVSS6.6AI score0.03398EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/12 12:0 a.m.4 views

Red Hat OpenShift Enterprise HTML Injection Vulnerability

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. An HTML injection vulnerability exists in Red Hat OpenShift Enterprise. The...

5.4CVSS6.5AI score0.00555EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/09 12:0 a.m.5 views

Drupal avatar_uploader arbitrary file download vulnerability

avataruploader is the module used to implement the function of uploading user images in a content management system maintained by the Drupal community. A security vulnerability exists in avataruploader version 7.x-1.0-beta8, which is caused by code in the view.php file that fails to validate user...

7.5CVSS7.1AI score0.56924EPSS
Exploits6References1
Cvelist
Cvelist
added 2018/04/04 5:0 p.m.16 views

CVE-2018-6873

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

9.9AI score0.02335EPSS
Exploits0References2
0day.today
0day.today
added 2018/03/31 12:0 a.m.45 views

Systematic SitAware - NVG Denial of Service Exploit

Exploit for multiple platform in category dos / poc Exploit Title: SitAware NVG Denial of Service Date: 03/31/2018 Exploit Author: 2u53 Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/ Version: 6.4 SP2 Tested on: Windows Server 2012 R2 CVE: CVE-2018-9115 Remarks: PoC needs...

5.4AI score0.06024EPSS
Exploits5
OSV
OSV
added 2018/03/27 3:29 a.m.3 views

CVE-2018-9049

In Windows Master aka Windows Optimization Master 7.99.13.604, the driver file WoptiHWDetect.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833...

7.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2018/03/27 3:29 a.m.4 views

CVE-2018-9052

In Windows Master aka Windows Optimization Master 7.99.13.604, the driver file WoptiHWDetect.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c...

7.8CVSS5.8AI score0.00413EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/03/27 3:29 a.m.4 views

CVE-2018-9040

In Advanced SystemCare Ultimate 11.0.1.58, the driver file Monitorwin10x64.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4...

7.8CVSS5.8AI score0.00413EPSS
Exploits1References2
Rows per page
Query Builder