8435 matches found
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-9959
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-1174
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Design/Logic Flaw
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute...
CVE-2018-11117
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute...
CVE-2018-11117
CVE-2018-11117 affects ILIAS 5.1.x, 5.2.x, and 5.3.x, where a cross-site scripting (XSS) flaw is introduced via a link attribute in the file Services/Feeds/classes/class.ilExternalFeedItem.php. The issue is exploitable due to insufficient sanitization of link attributes, with impact described as ...
Security update for librsvg (moderate)
This update for librsvg fixes the following issues: - CVE-2018-1000041: Input validation issue could lead to credentials leak. bsc1083232 Update to version 2.40.20: + Except for emergencies, this will be the LAST RELEASE of the librsvg-2.40.x series. We are moving to 2.41, which is vastly improve...
Adobe Acrobat Pro DC XFA use Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...
PrestaShop Attribute Wizard addon code execution vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop. The program provides a variety of payment methods, SMS alerts, product image scaling and other features. Attribute Wizard addon is one of its product attribute add-on modules. A security vulnerability exists in the...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to cross-site scripting (XSS). The vulnerability is possible because it does not filter xlink:href attributes...
Design/Logic Flaw
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file...
CVE-2018-10942
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file...
CVE-2018-10942
CVE-2018-10942 affects the PrestaShop Attribute Wizard addon 1.6.9 (modules/attributewizardpro/file_upload.php) and PrestaShop 1.4.0.1–1.6.1.18. The vulnerability allows remote attackers to execute arbitrary code by uploading a .phtml file. Data from connected documents confirms the attack vector...
DEBIAN-CVE-2017-2591
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap...
Foxit Reader Field rect Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the parsing of the Field rect attribute, which can be exploited to execute arbitrary code in the context of the current process due to a lack of validation before performing an operation...
Integer overflow
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3D creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicatio...