1058 matches found
CVE-2018-13419
CVE-2018-13419 affects the Libsndfile library version 1.0.28, with a reported memory leak in the function psf_allocate in common.c (as shown by sndfile-convert). The issue has been repeatedly noted as difficult to reproduce by maintainers, and several sources indicate the issue was closed or disp...
CVE-2018-13419
An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue...
CVE-2018-9974
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2018-10365
An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized...
Foxit Reader ConvertToPDF_x86 jpg Parsing Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2018-09958)
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of interactive properties of the PrintParams object, due to a lack of proper memory initialization before accessing memory, which can be exploited by an attacker to obtain...
Foxit Reader ConvertToPDF_x86 BMP Parsing Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the ConvertToPDF_x86.dll implementation that can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of the length of...
Foxit Reader ConvertToPDF_x86 jpg Parsing Out-of-Bounds Read Information Disclosure Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in ConvertToPDF_x86.dll, which can be exploited by attackers to obtain sensitive information or even execute arbitrary code due to a lack of proper validation of user-supplied data...
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu 17.10 CVE: CVE-2018-10365 1. Description...
Convert Forms CSV Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A CSV injection vulnerability exists in Joomla! Convert Forms 2.0.3 and earlier versions. When a user with elevated privileges exports form data in CSV format, an attacker can explo...
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla Extension Convert Forms version 2.0.3 - Formula Injection CSV Injection Google Dork: N/A Exploit Author: Jetty Sairam Software Link:...
CVE-2018-10063
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...
CVE-2018-10063
CVE-2018-10063 affects Joomla! Convert Forms extension prior to 2.0.4. The vulnerability is a CSV injection that enables remote command execution when exporting leads/form data, due to how CSV fields are handled during export. Documented impact includes potential arbitrary command execution with ...
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla Convert Forms version 2.0.3 - Formula Injection CSV Injection Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link:...
Joomla Convert Forms 2.0.3 CSV Injection
Exploit Title: Joomla Extension Convert Forms version 2.0.3 - Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/ Affected Version: 2.03 and befo...
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/ Affected Version...
Convert Forms, 2.0.3, CSV Injection
Convert Forms by Tassos.gr, versions 2.0.3 and previous, CSV Injection resolution: update to 2.0.4 update notice: https://www.tassos.gr/blog/convert-forms-2-0-4-security-release...
Xxe
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...
CVE-2017-18197
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...