664 matches found
DEBIAN-CVE-2018-20551
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...
UBUNTU-CVE-2018-20551
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...
Python-Nubia - A Command-Line And Interactive Shell Framework
Nubia is a lightweight framework for building command-line applications with Python. It was originally designed for the “logdevice interactive shell aka. ldshell” at Facebook. Since then it was factored out to be a reusable component and several internal Facebook projects now rely on it as a quic...
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...
GHSA-JX6H-3FJX-CGV5 Apache Tomcat information exposure vulnerability
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...
Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-23726)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the attachIcon attribute of the Annotation object in Foxit Reader...
Foxit Reader Annotations highlight Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
[SECURITY] Fedora 28 Update: php-tcpdf-6.2.25-1.fc28
PHP class for generating PDF documents. No external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
[SECURITY] Fedora 29 Update: php-tcpdf-6.2.25-1.fc29
PHP class for generating PDF documents. No external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
IDA-minsc Wins Second Place in Hex-Rays Plugins Contest
Introduction Ali Rizvi-Santiago of Cisco Talos recently tied for second place in the IDA plugin contest with a plugin named "IDA-minsc." IDA is a multi-processor disassembler and debugger created by the company Hex-Rays and this year there were a total of four winners with nine submissions total...
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Foxit PDF Reader Pointer Overwrite UAF', 'Description' = %q Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotatio...
Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free Exploit
Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A RO...
Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Foxit PDF Reader Pointer Overwrite UAF', 'Description' = %q Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotatio...
Foxit PDF Reader Pointer Overwrite UAF
Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-14566)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. A post-release reuse vulnerability exists in the handling of Ink annotations in Foxit Reader 9.1.0.5096 and earlier versions for Windows. A remote attacker can exploit this...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-14567)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. A post-release reuse vulnerability exists in the handling of FreeText annotations in Foxit Reader 9.1.0.5096 and earlier versions for Windows. A remote attacker can exploit this...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-14452)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. A post-release reuse vulnerability exists in the handling of Circle annotations in Foxit Reader 9.1.0.5096 and earlier versions for Windows. A remote attacker can exploit this...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-14563)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. A post-release reuse vulnerability exists in the handling of Sound annotations in Foxit Reader 9.1.0.5096 and earlier versions for Windows. A remote attacker can exploit this...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-14562)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. A post-release reuse vulnerability exists in the handling of Square annotations in Foxit Reader 9.1.0.5096 and earlier versions for Windows. A remote attacker can exploit this...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-14564)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. A post-release reuse vulnerability exists in the handling of Polygon annotations in Foxit Reader 9.1.0.5096 and earlier versions for Windows. A remote attacker can exploit this...