12 matches found
CVE-2021-24684
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS commands on the server via OS Command Injection when invoking Ghostscript...
CVE-2021-24684
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS commands on the server via OS Command Injection when invoking Ghostscript...
CVE-2021-24684
The CVE applies to the WordPress PDF Light Viewer Plugin for WordPress, affected in versions prior to 1.4.12. The root cause is an OS Command Injection via Ghostscript, exploitable by users with Author roles, enabling arbitrary command execution on the server. Impact is high (remote execution, se...
WordPress plugin operating system command injection vulnerability
WordPress plugin is an open source application plugin for WordPress. An operating system command injection vulnerability exists in the WordPress PDF Light Viewer plugin before version 1.4.12; an attacker can exploit the vulnerability when Ghostscript is invoked, through OS command injection on the...
PDF Light Viewer < 1.4.12 - Authenticated Command Injection
The plugin allows users with Author roles to execute arbitrary OS commands on the server via OS Command Injection when invoking Ghostscript. PoC: 1. Go to Import PDF. 2. Select PDF file. 3. Set compression as 60 | calc | echo 4. Toggle import the first checkbox 5. Publish or update 6. Command executes...
WordPress PDF Light Viewer plugin <= 1.4.11 - Authenticated Command Injection vulnerability
Authenticated Command Injection vulnerability discovered by apple502j in WordPress PDF Light Viewer plugin versions <= 1.4.11. Solution: Update the WordPress PDF Light Viewer plugin to the latest available version (at least 1.4.12)...
PDF Light Viewer < 1.4.12 - Authenticated Command Injection
The plugin allows users with Author roles to execute arbitrary OS commands on the server via OS Command Injection when invoking Ghostscript. 1. Go to Import PDF. 2. Select PDF file. 3. Set compression as 60 | calc | echo 4. Toggle import the first checkbox 5. Publish or update 6. Command executes...
Binary Vulnerability in Shenzhen Xunlei.com Culture Co. Light and Shadow Viewing (CNVD-2020-58845)
Light Viewer is a photo viewing software for the photography and designer crowd, featuring fast viewing, accurate color reproduction of pictures in various color spaces, and so on. A binary vulnerability exists in Shenzhen Xunlei.com Culture Co. An attacker can exploit this vulnerability to cause...
Heap Overwrite Vulnerability (CNVD-2020-58856) exists in Shenzhen Xunlei.com Culture Co.'s Light and Shadow Viewing
Light Viewer is a professional image viewing software. A heap out-of-bounds write vulnerability exists in Shenzhen Xunlei.com Culture Co. An attacker can exploit this vulnerability to cause the software to crash...
Heap out-of-bounds write vulnerability exists in Shenzhen Xunlei.com Culture Co., Ltd.'s Light and Shadow Viewing
Light Viewer is a professional image viewing software. A heap out-of-bounds write vulnerability exists in Shenzhen Xunlei.com Culture Co. An attacker can exploit this vulnerability to cause the software to crash...
Heap Overwrite Vulnerability (CNVD-2020-58855) exists in Shenzhen Xunlei.com Culture Co. Light and Shadow Viewing
Light Viewer is a professional image viewing software. A heap out-of-bounds write vulnerability exists in Shenzhen Xunlei.com Culture Co. An attacker can exploit this vulnerability to cause the software to crash...
Heap Overwrite Vulnerability (CNVD-2020-58854) exists in Shenzhen Xunlei.com Culture Co.'s Light and Shadow Viewing
Light Viewer is a professional image viewing software. A heap out-of-bounds write vulnerability exists in Shenzhen Xunlei.com Culture Co. An attacker can exploit this vulnerability to cause the software to crash...