44 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-1000051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fzkeepkeystorable that can result in DOS / Possible code execution. This attack appear t...
Foxit PDF Editor < 2025.2 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 2025.2. It is, therefore affected by multiple vulnerabilities: - A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of ...
CVE-2012-4142
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document...
SUSE CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...
SUSE CVE-2011-0627
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft...
Exploit for CVE-2022-30190
CVE-2022-30190 CVE-2022-30190 Follina POC Host exploit.html...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...
Cross-site Scripting (XSS) - Stored in siwapp/siwapp
Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content. Proof ...
Nitro Pro Heap Memory Corruption Vulnerability (CNVD-2020-16096)
Nitro Pro is a desktop product with full PDF creation and editing capabilities. A heap memory corruption vulnerability exists in npdf.dll in versions prior to Nitro Pro 13.13.2.242. An attacker can exploit this vulnerability via a specially crafted PDF document to cause heap corruption to occur a...
CVE-2018-8584
creationtimestamp| type| source ---|---|--- 2018-11-14 17:39:01+00:00| seen| MISP/5bec5b59-b2b0-4506-9c63-32a40a021402 2019-01-09 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46104...
DEBIAN-CVE-2018-18454
CCITTFaxStream::readRow in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted pdf file, as demonstrated by pdftoppm...
Internet Explorer zero-day: browser is once again under attack
Update 2018-05-25: CVE-2018-8174 has been added to the RIG exploit kit MDNC. Update 2018-05-22: Security researcher Richard Warren mentioned that a fully working IE zero-day now patched with payload was uploaded to VirusTotal. We decided to test Malwarebytes against it, since last time we only ha...
CVE-2016-8382
An exploitable heap corruption vulnerability exists in the DocSetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability...
CVE-2017-17629
creationtimestamp| type| source ---|---|--- 2017-12-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43287...
Microsoft Graphics Component Information Disclosure (CVE-2017-0283)
An information disclosure vulnerability exists in Microsoft Graphics Component. The vulnerability is due to improper handling of objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization ASLR bypass. An attacker could convince a user ...
Modified Zyklon and plugins from India
IntroductionStreams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns...
CVE-2016-0055
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."...
DEBIAN-CVE-2011-0764
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf...
CVE-2010-4479
Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PDF document, aka "bb 2380," a different vulnerability than CVE-2010-4260...
[Backports-security-announce] Security update for openoffice.org
Rene Engelhard uploaded new packages for openoffice.org which fixed the following security updates: CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document,...