8134 matches found
Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PDF Forms. A...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
An SQL injection vulnerability exists in the orion.extfeedbackform Bitrix module. Due to insufficient filtering of input passed to the "/bitrix/admin/orion.extfeedbackformefbfforms.php" script via the "order" and "by" HTTP GET parameters, an attacker can exploit the vulnerability to execute SQL...
TYPO3 MK Forms Extension Arbitrary Code Execution Vulnerability
No description provided by source...
TYPO3 MK Forms Extension Arbitrary Code Execution Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. MK Forms is one of its extension plug-ins, used for producing HTML forms. An arbitrary code execution vulnerability exists in TYPO3 MK Forms extension version 1.0.23 and earlie...
MyWebSQL 3.6 Cross Site Request Forgery Vulnerability
MyWebSQL version 3.6 suffers from a cross site request forgery vulnerability. 1. Introduction. Affected Product: MyWebSQL 3.6; Fixed in: not fixed; Fixed Version Link: n/a; Vendor Website: http://mywebsql.net/; Vulnerability Type: CSRF; Remote Exploitable: Yes; Reported to vendor: 09/01/2015; Disclosed t...
Adobe Acrobat Reader DC Remote Code Execution Vulnerability
Adobe Acrobat Reader DC is a set of tools from the US company Adobe for viewing, printing and annotating PDFs. A remote code execution vulnerability exists in Adobe Acrobat Reader DC, which stems from the program failing to properly parse CMAP forms. A remote attacker could...
Foxit PhantomPDF < 7.2 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is affected by multiple vulnerabilities: - A memory overflow condition exists in the PDF creator plugin ConvertToPDFx86.dll when converting a PNG file to a PDF file due to an...
Foxit Reader < 7.2 Multiple Vulnerabilities
The version of Foxit Reader installed on the remote Windows host is prior to 7.2. It is, therefore, affected by multiple vulnerabilities: - A memory overflow condition exists in the PDF creator plugin ConvertToPDFx86.dll when converting a PNG file to a PDF file due to an error that occurs when...
Foxit Reader Forms Out-of-Bounds Remote Code Execution Vulnerability
Foxit Reader is a compact PDF reader. A security vulnerability exists in Foxit Reader's PDF Forms: an attacker who tricks a user into opening a crafted PDF file can cause the parser to read memory outside of the allocated object and execute arbitrary code...
The vulnerability of the Microsoft SharePoint Server corporate application allows a hacker to read arbitrary files.
The vulnerability of the InfoPath Forms Services component of the Microsoft SharePoint Server corporate application suite is related to deficiencies in access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to read arbitrary files using a specially...
Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PDF Forms. A...
Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PDF Forms. A...
Microsoft SharePoint Server Information Leakage Vulnerability
Microsoft SharePoint Server is an enterprise business collaboration platform from the US company Microsoft. An information leakage vulnerability exists in the InfoPath Forms Services component of Microsoft SharePoint Server versions 2007 SP3 and 2010 SP2. A remote attacker...
CVE-2015-2556
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
Information disclosure
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
CVE-2015-2556
CVE-2015-2556 is an information-disclosure vulnerability affecting Microsoft SharePoint Server 2007 SP3 and 2010 SP2, arising from how the InfoPath Forms Services component parses DTDs. The root cause is improper handling of XML External Entities (XXE), allowing a remote attacker to read arbitrar...
CVE-2015-2556
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
Microsoft SharePoint Server and Foundation Multiple Vulnerabilities (3096440)
This host is missing an important security update according to Microsoft Bulletin MS15-110. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
FTGate 7 - Cross-Site Request Forgery
Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-V7-CSRF.txt; Vendor: www.ftgate.com, www.ftgate.com/ftgate-update-7-0-300; Product: FTGate v7; Vulnerability Type:...
Arbitrary Code Execution in extension "MK Forms" (mkforms)
It has been discovered that the extension "MK Forms" (mkforms) is susceptible to Arbitrary Code Execution. Release Date: September 30, 2015. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.23 and below. Vulnerability...