Lucene search
+L

82 matches found

cvelist
cvelist
added 2021/08/12 8:40 p.m.21 views

CVE-2021-37599

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database and execute code in some situations via the txtPassword parameter...

9.9AI score0.03104EPSS
Exploits1References2
cve
cve
added 2021/08/12 8:40 p.m.64 views

CVE-2021-37599

The CVE-2021-37599 entry concerns Nuance Winscribe Dictation Exporter, specifically the Exporter/Login.aspx login form. The vulnerability is a SQL injection in the txtPassword parameter, affecting Winscribe Dictation 4.1.0.99, which could allow a remote, unauthenticated attacker to read the datab...

9.8CVSS9.7AI score0.03104EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2021/08/12 12:0 a.m.4 views

Nuance Communications Nuance Winscribe Dictation SQL注入漏洞

Nuance Winscribe Dictation is an automated workflow solution from Nuance. Create and share high-quality documents and simplify complex workflows in a more efficient and flexible way. Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection. The vulnerability stems from the fact that the...

9.8CVSS5.8AI score0.03104EPSS
Exploits1References2
github
github
added 2021/04/13 3:19 p.m.43 views

Command Injection in nuance-gulp-build-common

All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: js var a = require"nuance-gulp-build-common" a.run"touch JHU"...

6.8AI score
Exploits0References3Affected Software1
osv
osv
added 2021/04/13 3:19 p.m.1 views

GHSA-8695-FR6H-9FQ8 Command Injection in nuance-gulp-build-common

All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: js var a = require"nuance-gulp-build-common" a.run"touch JHU"...

9.8CVSS5.9AI score
Exploits0References2
veracode
veracode
added 2021/02/24 6:15 a.m.15 views

Arbitrary Command Execution

nuance-gulp-build-common is vulnerable to arbitrary command execution. The run function allows an attacker to execute arbitrary commands on the host OS...

4.2AI score
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2021/02/23 12:0 a.m.7 views

nuance-gulp-build-common OS Command Injection Vulnerability

nuance-gulp-build-common is a package for npm. nuance-gulp-build-common suffers from an operating system command injection vulnerability that stems from vulnerability to command injection via the index.js file...

5.8AI score
Exploits0References2
nvd
nvd
added 2021/01/07 6:15 p.m.30 views

CVE-2018-18688

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

5.3CVSS6.7AI score0.01133EPSS
Exploits0References4
prion
prion
added 2021/01/07 6:15 p.m.19 views

Design/Logic Flaw

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

5CVSS5.7AI score0.01133EPSS
Exploits0References4Affected Software13
cve
cve
added 2021/01/07 5:38 p.m.82 views

CVE-2018-18688

The CVE-2018-18688 entry describes a signature-validation bypass in PDF processing that arises because the PDF specification lacks concrete validation procedures for incremental savings. Affected products include Foxit Reader (pre-9.4), Foxit PhantomPDF (pre-8.3.9 and pre-9.4 for 9.x), and other ...

5.3CVSS5.8AI score0.01133EPSS
Exploits0References4Affected Software13
cvelist
cvelist
added 2021/01/07 5:38 p.m.32 views

CVE-2018-18688

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

5.9AI score0.01133EPSS
Exploits0References4
cnvd
cnvd
added 2020/03/30 12:0 a.m.3 views

Arbitrary File Deletion Vulnerability in LOGA Building System

LOGA that is named "Limit Of Good AsThis" is a multi-language, multi-platform building system developed by Nuance. LOGA website builder system has an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files...

7AI score
Exploits0
openbugbounty
openbugbounty
added 2017/09/08 10:39 a.m.8 views

nuancescan.com XSS vulnerability

Vulnerable URL: http://www.nuancescan.com/redirect.php?url=%22/%3E%3CsvG/onLoad=alert/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 10.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2961434 VIP website status:| ...

6.3AI score
Exploits0
malwarebytes
malwarebytes
added 2017/07/24 4:41 p.m.53 views

A week in security (July 17 – July 23)

Over the last week, we have covered Play Protect, android’s new security system and how the Dutch police ran Hansa Market after the take down of Alpha Bay, both major players on the Dark Web. We also provided some tips on how to stay cyber safe this summer. We also saw how the Terror exploit kit...

6.7AI score
Exploits0
openbugbounty
openbugbounty
added 2016/08/11 12:21 p.m.14 views

nuance-community.custhelp.com XSS vulnerability

Vulnerable URL: http://nuance-community.custhelp.com/app/error/errorid/404/url/%2522%253E%253Cimg%2520src%253D1%2520onerror%253Dprompt%2528'openbugbounty'%2529%253E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

6.3AI score
Exploits0
openbugbounty
openbugbounty
added 2016/08/11 12:21 p.m.12 views

nuance.custhelp.com XSS vulnerability

Vulnerable URL: http://nuance.custhelp.com/app/error/errorid/404/url/%2522%253E%253Cimg%2520src%253D1%2520onerror%253Dprompt%2528'openbugbounty'%2529%253E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...

6.3AI score
Exploits0
cnvd
cnvd
added 2016/07/04 12:0 a.m.2 views

nuance pdf reader memory corruption vulnerability

nuance pdf reader is a PDF reading tool. The tool suffers from a memory corruption vulnerability in the handling of PDF files, which allows an attacker to crash the program by constructing malformed PDF files...

7AI score
Exploits0
patchstack
patchstack
added 2014/08/01 12:0 a.m.18 views

WordPress Nuance Theme - Shell Upload Exploit

WordPress Nuance theme is prone to a shell upload exploit via the valums uploader. Solution Update the theme...

2.7AI score
Exploits0References1Affected Software1
seebug
seebug
added 2014/07/01 12:0 a.m.24 views

Nuance PDF Reader 6.0 - Launch Stack Buffer Overflow

No description provided by source. $Id: nuancepdflaunchoverflow.rb 11516 2011-01-08 01:13:26Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

7.1AI score
Exploits0
openvas
openvas
added 2014/04/04 12:0 a.m.21 views

Nuance PDF Reader 'pdfcore8.dll' Buffer Overflow Vulnerability (Apr 2014)

Nuance PDF Reader is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nuance:pdfreader";...

9.3CVSS7.2AI score0.05161EPSS
Exploits0References4
Rows per page
Query Builder