CVE-2018-13308

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...

CVE-2018-13308

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...

Design/Logic Flaw

GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-22406)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the exportValues property of the radio button in Foxit Reader...

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-23730)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the fillColor property of the radio button in Foxit Reader 9.2.0.9297...

Foxit PhantomPDF exportValues Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Foxit Reader richValue Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

Foxit PhantomPDF fillColor Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVE-2018-17866

Multiple cross-site scripting XSS vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field...

July 12, 2016 — KB3172985 (OS Build 10586.494)

July 12, 2016 — KB3172985 OS Build 10586.494 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Windows Media Player, Internet Explorer 11, Windows Explorer, Miracast, and...

CVE-2018-14398

An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials...

CVE-2018-15478

CVE-2018-15478 affects myStrom WiFi Switch and related devices (V1 < 2.66, V2 < 3.80, EU < 3.80, Bulb < 2.58, LED Strip < 3.80, Button < 2.73, Button Plus

CVE-2018-15476

CVE-2018-15476 affects myStrom WiFi Switch family (V1 before 2.66, V2 before 3.80, EU before 3.80; related WiFi Bulb/LED Strip/Button versions). Root cause: the SSL/TLS server certificate used in device-to-cloud communication is not verified, enabling MITM attackers on the device network path to ...

CVE-2018-15528

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "selectsso" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?XSS link and then...

Cross site scripting

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "selectsso" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?XSS link and then...

CVE-2018-14306

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-14306

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit Reader Memory Misreference Vulnerability (CNVD-2018-14149)

Foxit Reader for Windows is China's Foxit Foxit Software Corporation, a Windows-based platform for PDF document reader. A memory misreference exists in the handling of button objects in Foxit Reader 9.1.0.5096 and earlier versions for Windows. A remote attacker can exploit this vulnerability by...

Foxit Reader Button buttonSetIcon Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...