205 matches found
CVE-2024-49576
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...
Foxit Reader memory corruption vulnerability (CNVD-2025-0095609)
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A security vulnerability exists in Foxit Reader version 2024.3.0.26795, which originates from a post-release reuse vulnerability contained in the checkbox CBFWidget object. An attacker can exploit this vulnerability to cause...
CVE-2024-49576
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2024-49576
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2024-49576
Foxit Reader 2024.3.0.26795 contains a use-after-free in handling the checkbox CBF_Widget object. A crafted PDF with JavaScript can trigger memory corruption and arbitrary code execution. Exploitation requires user interaction (opening the malicious file or visiting a malicious site if the browse...
Foxit Reader 安全漏洞
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A security vulnerability exists in Foxit Reader version 2024.3.0.26795, which originates from a post-release reuse vulnerability contained in the checkbox CBFWidget object. An attacker can exploit this vulnerability to cause...
Fedora 37 : js-jquery-ui (2022-7291b78111)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7291b78111 advisory. A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting XSS attack via the initializatio...
Foxit PDF Editor for Mac < 11.1.10 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application previously named Foxit PhantomPDF for Mac installed on the remote macOS host is prior to 11.1.10. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997...
CVE-2024-28888
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...
Foxit Reader checkbox Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...
PT-2024-22628 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.1.0.23997 Description: A use-after-free vulnerability exists in the way Foxit Reader handles a checkbox field object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability...
Malicious code in smart-input-checkbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d35a2894a65ccf5f422531f46846b2cc71d5e0e28a3e0d7b6e9ed1b0daa6a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7798 Malicious code in smart-input-checkbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d35a2894a65ccf5f422531f46846b2cc71d5e0e28a3e0d7b6e9ed1b0daa6a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in trip-component-platform-online-subscribe-checkbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1b75c5dae9b8499101bc5b5b006cc02b0d3da7be0669d9c7b9aa2f3191a34f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-40066 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns lists of key/value pairs assigned to OptionsetField or CheckboxSetField that lack a default casting. This can lead to a potential XSS vulnerability when either th...
CVE-2024-3210
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to...
CVE-2024-3210 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox'
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to...
WordPress Plugin ProfilePress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2023-6012
An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure...
CVE-2023-6012
An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure...