82 matches found
CVE-2021-37599
The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database and execute code in some situations via the txtPassword parameter...
CVE-2021-37599
The CVE-2021-37599 entry concerns Nuance Winscribe Dictation Exporter, specifically the Exporter/Login.aspx login form. The vulnerability is a SQL injection in the txtPassword parameter, affecting Winscribe Dictation 4.1.0.99, which could allow a remote, unauthenticated attacker to read the datab...
Nuance Communications Nuance Winscribe Dictation SQL注入漏洞
Nuance Winscribe Dictation is an automated workflow solution from Nuance. Create and share high-quality documents and simplify complex workflows in a more efficient and flexible way. Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection. The vulnerability stems from the fact that the...
Command Injection in nuance-gulp-build-common
All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: js var a = require"nuance-gulp-build-common" a.run"touch JHU"...
GHSA-8695-FR6H-9FQ8 Command Injection in nuance-gulp-build-common
All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: js var a = require"nuance-gulp-build-common" a.run"touch JHU"...
Arbitrary Command Execution
nuance-gulp-build-common is vulnerable to arbitrary command execution. The run function allows an attacker to execute arbitrary commands on the host OS...
nuance-gulp-build-common OS Command Injection Vulnerability
nuance-gulp-build-common is a package for npm. nuance-gulp-build-common suffers from an operating system command injection vulnerability that stems from vulnerability to command injection via the index.js file...
CVE-2018-18688
The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...
Design/Logic Flaw
The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...
CVE-2018-18688
The CVE-2018-18688 entry describes a signature-validation bypass in PDF processing that arises because the PDF specification lacks concrete validation procedures for incremental savings. Affected products include Foxit Reader (pre-9.4), Foxit PhantomPDF (pre-8.3.9 and pre-9.4 for 9.x), and other ...
CVE-2018-18688
The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...
Arbitrary File Deletion Vulnerability in LOGA Building System
LOGA that is named "Limit Of Good AsThis" is a multi-language, multi-platform building system developed by Nuance. LOGA website builder system has an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files...
nuancescan.com XSS vulnerability
Vulnerable URL: http://www.nuancescan.com/redirect.php?url=%22/%3E%3CsvG/onLoad=alert/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 10.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2961434 VIP website status:| ...
A week in security (July 17 – July 23)
Over the last week, we have covered Play Protect, android’s new security system and how the Dutch police ran Hansa Market after the take down of Alpha Bay, both major players on the Dark Web. We also provided some tips on how to stay cyber safe this summer. We also saw how the Terror exploit kit...
nuance-community.custhelp.com XSS vulnerability
Vulnerable URL: http://nuance-community.custhelp.com/app/error/errorid/404/url/%2522%253E%253Cimg%2520src%253D1%2520onerror%253Dprompt%2528'openbugbounty'%2529%253E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
nuance.custhelp.com XSS vulnerability
Vulnerable URL: http://nuance.custhelp.com/app/error/errorid/404/url/%2522%253E%253Cimg%2520src%253D1%2520onerror%253Dprompt%2528'openbugbounty'%2529%253E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...
nuance pdf reader memory corruption vulnerability
nuance pdf reader is a PDF reading tool. The tool suffers from a memory corruption vulnerability in the handling of PDF files, which allows an attacker to crash the program by constructing malformed PDF files...
WordPress Nuance Theme - Shell Upload Exploit
WordPress Nuance theme is prone to a shell upload exploit via the valums uploader. Solution Update the theme...
Nuance PDF Reader 6.0 - Launch Stack Buffer Overflow
No description provided by source. $Id: nuancepdflaunchoverflow.rb 11516 2011-01-08 01:13:26Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Nuance PDF Reader 'pdfcore8.dll' Buffer Overflow Vulnerability (Apr 2014)
Nuance PDF Reader is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nuance:pdfreader";...