EUVD-2019-7851

Malware in sbrugna...

SUSE CVE-2007-0047

CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the...

SUSE CVE-2007-1452

The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...

SUSE CVE-2009-3956

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data...

PT-2019-15171 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor versions prior to 8.0.330.0 Description: The issue allows for NTLM SSO hash theft using crafted FDF or XFDF files. This can occur when a link to a file, such as '192.168.0.2C$file.pdf', is accessed without user interaction,...

CVE-2018-14280

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-14264

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-14247

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16361)

A Security Bypass vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted FDF/XFDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

CVE-2017-11229

Technical details for CVE-2017-11229 are not provided in the supplied connected documents; information about affected products, exploitability, or remediation is not available here. Monitor for updates.

Adobe Acrobat and Reader Security Bypass (APSB17-24: CVE-2017-11229)

A code injection vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the FDF component of Adobe Reader and Acrobat. A remote attacker might exploit this issue by convincing a victim to open a specially crafted PDF file...

CVE-2017-2947

CVE-2017-2947 affects Adobe Acrobat Reader versions earlier than 15.020.20042, 15.006.30244, and 11.0.18. The vulnerability is a security bypass in which manipulation of the Form Data Format (FDF) is exploited to bypass protections. The connected documents confirm the affected versions and descri...

CVE-2007-1452

The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...

CVE-2009-3956

CVE-2009-3956 refers to a script injection vulnerability in Adobe Reader/Acrobat (8.x/9.x on Windows and macOS) where the Enhanced Security feature was not enabled by default in affected versions prior to 9.3/8.2. The issue, demonstrated via Acrobat Forms Data Format (FDF) behavior, enables cross...

FDF Files Containing Timed JavaScript (CVE-2009-3956)

FDF is a file format used for representing form data and annotations that are contained in a PDF form. A remote attacker may exploit this issue to inject JavaScript into a PDF file from any domain on the internet. When Acrobat loads an FDF file, there is no check to ensure that the target file,...

CVE-2007-1452

The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...

CVE-2007-1452

The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...

CVE-2007-1452

The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...

EUVD-2007-1446

The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...

PHP ext/filter FDF Post数据过滤绕过漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP新实现的ext/filter FDF扩展实现上存在漏洞，远程攻击者可能利用此绕过用户数据过滤，从而在服务器上执行各种注入攻击。 根据设计，PHP的内容过滤钩子会在所有解析用户输入并注册为变量的地方添加对输入过滤器的调用，以确定如何处理这些变量，但添加对其他POST内容类型支持的所有扩展也需要实现钩子，否则数据就会绕过过滤。如果安装了ext/fdf的话PHP就会捆绑一个对FDF POST数据格式的扩展，但没有调用输入过滤器，因此攻击者就可能绕过所强制的过滤机制，获得非授权访问。 PHP = 5.2.0...