318 matches found
Dompdf Code Problem Vulnerability
Dompdf is an open-source HTML to PDF converter. Dompdf has a code problem vulnerability that stems from the use of deserialization of untrusted data...
Debian dla-3495 : php-dompdf - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3495 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3495-1 [email protected]...
Debian: Security Advisory (DLA-3495-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3495-1] php-dompdf security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3495-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès July 13, 2023 https://wiki.debian.org/LTS -...
Exploit for Cross-site Scripting in Dompdf_Project Dompdf
CVE-2022-28368-handler This repository contains a python scrip...
Dompdf 1.2.1 Remote Code Execution
#!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...
Dompdf 1.2.1 - Remote Code Execution (RCE)
#!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...
Dompdf 1.2.1 - Remote Code Execution Exploit
#!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...
Deserialization Of Untrusted Data
php-dompdf is vulnerable to Deserialization of Untrusted Data. The library is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents function. If an attacker can upload files of any type to the server, they can pass in the phar://...
XML External Entity (XXE)
php-dompdf is vulnerable to XML External Entity XXE attacks. SVG images are not processed through Dompdf's resource validation logic, allowing attackers to use remote resources, local filesystem paths, and vulnerable protocols without restriction...
K000132775: DOMPDF vulnerabilities CVE-2023-23924 and CVE-2023-24813
Security Advisory Description CVE-2023-23924 Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit...
Exploit for Files or Directories Accessible to External Parties in Dompdf_Project Dompdf
CVE-2022-41343 Python Exploit for CVE-2022-41343 Staged Rev...
UBUNTU-CVE-2021-3838
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
Exploit for Cross-site Scripting in Dompdf_Project Dompdf
CVE-2022-28368 - Dompdf RCE Dompdf RCE PoC Exploit...
Arbitrary Code Execution
dompdf/dompdf is vulnerable to Arbitrary Code Execution. The vulnerability exists in Cache.php due to a lack of validation for SVG files in Dompdf and php-svg-lib, allowing an attacker to parse an arbitrary URL with arbitrary protocols, which can result in Arbitrary Code Execution...
CVE-2023-24813
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...
DEBIAN-CVE-2023-24813
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...
Design/Logic Flaw
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Summary Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Details Dompdf parses the href attribute of image tags with the following code: src/Image/Cache.php line 135-150 php function $parser, $name,...