8171 matches found
CVE-2021-31453
Foxit Reader 10.1.1.37576 is affected by CVE-2021-31453 due to improper validation of an object in XFA Forms handling, enabling remote code execution. The flaw allows an attacker to run arbitrary code in the context of the current process after user interaction (e.g., opening a malicious file or ...
CVE-2021-31453
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2021-31452
Foxit Reader 10.1.1.37576 and earlier is affected by a remote code execution vulnerability in the handling of XFA forms. The issue stems from insufficient validation of user-supplied data, leading to a write past the end of an allocated data structure and enabling code execution in the attacker’s...
CVE-2021-31452
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2021-31450
CVE-2021-31450 affects Foxit Reader 10.1.1.37576 (and related versions) where a fault in handling XFA forms permits remote code execution after tricking a user into opening a malicious page or file. The root cause is a failure to validate the existence of an object before performing operations on...
CVE-2021-31450
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2021-26123
LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm...
Foxit Reader Buffer Error Vulnerability
Foxit Reader (formerly named Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. It is free to use and runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...
Foxit Reader XFA Form Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
Foxit Reader XFA relayout Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
Foxit Reader Resource Management Error Vulnerability
Foxit Reader is a PDF document reader from the Chinese company Foxit. A security vulnerability exists in Foxit Reader XFA Forms. The vulnerability stems from the failure to verify the existence of an object before performing an operation on it. An attacker can exploit this vulnerability by...
Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
Foxit Reader for Windows Resource Management Error Vulnerability
Foxit Reader for Windows is a Windows-based PDF document reader from the Chinese company Foxit. Foxit Reader for Windows suffers from a resource management error vulnerability that originates from an error when handling certain XFA forms or annotation objects. A remote attacker could exploit the...
GHSA-QGP4-5QX6-548G Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
Impact: An editor with write access to the Kirby Panel can upload an SVG or XML file that contains harmful content like <script> tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script wi...
CVE-2021-29460
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like <script> tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby...
CVE-2021-29460
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like <script> tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby...
Design/Logic Flaw
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like <script> tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby...
UPchieve: Zero click account Takeover due to Api misconfiguration 🏂🎩
Hacker reported that full account takeover was possible through exploitation of one of our forms. Hacker provided sufficient information to prove capability and how to remediate. Our team remediated the issue so that the takeover is no longer possible. I was able to take over any account without any...