127 matches found
CVE-2021-37595
In FreeRDP before 2.4.0 on Windows, wfcliprdrserverfilecontentsrequest in client/Windows/wfcliprdr.c has missing input checks for a FILECONTENTSRANGE File Contents Request PDU...
Microsoft Print 3D PLY Code Execution Vulnerability
Microsoft Print 3D is a 3D modeling tool developed by Microsoft. The Microsoft Print 3D PLY code execution vulnerability is exploited by remote attackers to submit a special file request that induces the user to parse it, which can crash the application or execute arbitrary code in the applicatio...
CVE-2020-36321
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder...
Foxit Reader Out-of-Bounds Write Vulnerability
Foxit Reader is a PDF document reader. Foxit Reader suffers from an out-of-bounds write vulnerability that can be exploited by a remote attacker to submit a special file request, which can be tricked into parsing, crashing the application or executing arbitrary code in the application context...
Foxit Reader Memory Misreference Vulnerability (CNVD-2021-26395)
Foxit Reader is a PDF document reader. A memory misreference vulnerability exists in Foxit Reader, which allows remote attackers to submit a special file request that can be exploited to trick the user into parsing it, which can crash the application or execute arbitrary code in the application...
Foxit Reader 资源管理错误漏洞
Foxit Reader is a PDF document reader. A memory misreference vulnerability exists in Foxit Reader, which allows remote attackers to submit a special file request that can be exploited to trick the user into parsing it, which can crash the application or execute arbitrary code in the application...
libyang yyparse() memory misreference vulnerability (CNVD-2020-10246)
libyang is a data modeling language library. A memory misreference vulnerability exists in libyang yyparse, which can be exploited by an attacker to submit a special file request and trick the user into parsing it, which can be used to conduct a denial of service attack or execute arbitrary code...
libyang lys_extension_instances_free() memory misreference vulnerability
libyang is a data modeling language library. A memory misreference vulnerability exists in libyang lysextensioninstancesfree, which can be exploited by an attacker to submit a special file request and trick the user into parsing it, which can be used in a denial of service attack...
Wecon PIStudio HSC File Parsing Out-of-Bounds Write Code Execution Vulnerability
Wecon PIStudio is an HMI software. An out-of-bounds write code execution vulnerability exists in Wecon PIStudio HSC file parsing, which allows remote attackers to exploit the vulnerability by submitting a special file request and tricking the user into parsing it, which can crash the application ...
Adobe Photoshop CC Remote Information Disclosure Vulnerability
Adobe Photoshop CC is the latest set of image processing and drawing software. A remote information disclosure vulnerability exists in Adobe Photoshop CC, which allows remote attackers to exploit the vulnerability by submitting a special file request and tricking the user into parsing it, which...
Adobe Flash Player Remote Information Disclosure Vulnerability
Adobe Flash Player is a cross-platform, browser-based multimedia player product. A remote information disclosure vulnerability exists in Adobe Flash Player, which allows remote attackers to exploit the vulnerability by submitting a special file request and tricking the user into parsing it, which...
Natus Xltek NeuroWorks Buffer Overflow Vulnerability (CNVD-2018-12133)
Natus Xltek NeuroWorks is a suite of versatile software platforms for EEG testing, long-term monitoring, ICU monitoring and sleep studies from Natus Medical, USA. A buffer overflow vulnerability exists in the RequestForPatientInfoEEGfile feature in Natus Xltek NeuroWorks version 8. A remote...
Vaultize Enterprise File Sharing Cross-Site Scripting Vulnerability
Vaultize Enterprise File Sharing is an enterprise file sharing solution from Vaultize Technologies, USA. The solution includes features such as data retention management, versioning, secure data handling, data backup and recovery. A cross-site scripting vulnerability exists in Vaultize Enterprise...
CVE-2018-10206
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
CVE-2018-10206
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
PT-2018-9752 · Vaultize · Vaultize Enterprise File Sharing
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31 Description: An issue was discovered that allows for Stored XSS via the optional message field of a file request. Recommendations: For Vaultize Enterprise File Sharing version 17.05.31, consid...
Monstra CMS Remote Code Execution Vulnerability
Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A security vulnerability exists in Monstra CMS version 3.0.4. The vulnerability can be exploited by a remote...
Leptonica pixHtmlViewer prog/htmlviewer.c memory access vulnerability
Leptonica is an open source image processing and image analysis library. A security vulnerability in Leptonica pixHtmlViewer prog/htmlviewer.c allows remote attackers to exploit the vulnerability by submitting a special file request that induces the user to parse it, which can crash the applicati...
UBUNTU-CVE-2018-5712
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...
CVE-2017-17993
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...