CVE-2018-17702

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-17687

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-17689

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-17687

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-17689

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-17689

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-17687

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-16084

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...

Rockstar Games: Race condition vulnerability on "This Rocks" button.

In this report, the researcher brought to our attention a misbehavior in the "This Rocks" button that we use on the Social Club site. Using curl and a proxy tool such as Burp Suite, an attacker could invoke the "This Rocks" API call multiple times rapidly, and the system would accept multiple...

CVE-2018-19616

An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element...

Bolt CMS 3.6.2 - Cross-Site Scripting

Bolt CMS 3.6.2 - Cross-Site Scripting Exploit Title: Bolt CMS https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip Affected Version: alert"Raif" Description Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of ...

CVE-2018-19933

Bolt CMS before 3.6.2 is vulnerable to cross-site scripting via the text input click preview button, demonstrated by the Title field of a configured or new entry. Related advisories (GHSA-2G23-QMMP-FVMR, OSV entries) link this XSS to Bolt 3.6.4 and earlier references, including a public exploit/d...

UBUNTU-CVE-2018-19877

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field...

CVE-2018-19877

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field...

TOTOLINK A3002RU Cross-Site Scripting Vulnerability (CNVD-2018-24107)

TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the noticegen.htm page of the TOTOLINK A3002RU version 1.0.8. A remote attacker can exploit this vulnerability by modifying the "User phrases button" field to execute...

CVE-2018-13308

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...

CVE-2018-13308

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...