15 matches found
CVE-2023-44341
Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...
Input validation
Acrobat Reader T5 MSFT Edge versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...
CVE-2023-47076 Adobe InDesign CC 2023 Memory Corruption Vulnerability IV.
Adobe InDesign versions 19.0 and earlier and 17.4.2 and earlier are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requir...
CVE-2023-29299 Adobe Acrobat Reader Untrusted Search Path Application denial-of-service
Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...
CVE-2021-42733
Adobe Bridge 11.1.1 (and earlier) is affected by a Null pointer dereference when parsing a specially crafted file, enabling an unauthenticated attacker to cause an application denial-of-service in the context of the current user. Exploitation requires user interaction (victim must open a maliciou...
CVE-2021-39852
CVE-2021-39852 affects Adobe Acrobat Reader DC (versions 2021.005.20060 and earlier, 2020.004.30006 and earlier, 2017.011.30199 and earlier). It is a Null pointer dereference vulnerability that can cause an application denial-of-service in the context of the current user. Exploitation requires us...
CVE-2021-22292
There is a denial of service DoS vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...
Denial of service
There is a denial of service DoS vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...
CVE-2021-22292
There is a denial of service DoS vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...
CS Money: Pixel Flood Attack leads to Application level DoS
Summary: Hello Team, I had gone through your policy and I saw that DoS is out of scope but I am not sure about Application level DoS. The another reason to report this attack because it affects real customers who want to chat with your support team. I had tested this with two accounts 1. From...
Starbucks: CRLF injection on www.starbucks.com
The vulnerability allows setting arbitrary headers, and also enables response splitting which can then be exploited further. POC: curl -i 'https://www.starbucks.com/email-prospecttg9wh%0d%0aset-cookie:foo%0d%0a%0d%0a4t6uf?requesturl=/responsibility/global-report/policies' -d...
Application DoS via the /rendering/wiki endpoint - CVE-2019-20418
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. Affected versions version 8.8.0 Fixed versions 8.8.0...
XML External Entities (XXE)
The Play Framework is vulnerable to XML external entities XXE injection. An attacker may use XML external entities to read files from the file system, internal network, or DoS the application...
Log1 CMS 2.0 - Multiple Vulnerabilities
+---------------------------------------+ | Log1 CMS 2.0 Multiple Vulnerabilities | +---------------------------------------+ Vulnerable Web-App : Log1 CMS 2.0 Vulnerability : Multiple Vulnerabilities. Author : Aodrulez. Atul Alex Cherian Email : [email protected] Google-Dork : "POWERED BY LOG...
Multiple vulnerabilities in TK8 Safe v.3.0.5
Multiple vulnerabilities in TK8 Safe v.3.0.5 July 3, 2006 ---- Summary: TK8 Safe www.tk8.com is a password management application, which stores authentication details and other sensitive data in encrypted local folders. A number of issues have been discovered in version 3.0.5 of the application...