7680 matches found
Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16388)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Foxit Reader Link setAction Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction metho...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7828: Use-after-free of PresShell while restyling layout; CVE-2017-7830: Cross-origin URL information leak through Resource Timing API; CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects; CVE-2017-7832: Domain spoofing throug...
eGroupWare: Remote code execution
Background: eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description: It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact: A remo...
Microsoft Edge browser’s vulnerability, related to improper processing of JavaScript object instances in memory, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Edge relates to the improper handling of JavaScript objects in memory by the kernel. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially crafted web page...
The vulnerability of the Microsoft JET Database Engine database driver on the Windows operating system allows a hacker to gain control over the system.
The vulnerability of the Microsoft JET Database Engine database driver for the Windows operating system is related to improper handling of objects in memory, resulting in operations going beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to gain...
DEBIAN-CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...
Solr: Code execution via entity expansion
It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API...
Catalyst Mahara Cross-Site Scripting Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A cross-site scripting vulnerability exists in Catalyst Mahara versions 1.10 before 1.10.9, 15.04 before 15.04.6, and 15.10 before 15.10.2. A remote...
WordPress ultimate-form-builder-lite plugin SQL injection vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server that supports PHP and MySQL. The ultimate-form-builder-lite plugin is a contact form builder plugin. A SQL injection vulnerability exists ...
The vulnerability of the Document Sciences xPression enterprise automation system arises from incorrect restrictions on XML references to external objects. This allows attackers to gain access to system files, perform SSRF attacks, or cause service failures.
The vulnerability of the Document Sciences xPression enterprise automation system arises from an incorrect limitation on XML references to external objects at /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. Exploiting this vulnerability could allow a malicious actor to gain access to syst...
KLA11162 Multiple vulnerabilities in Foxit Reader
Multiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An out-of-bounds read vulnerability in the tile index member of SOT marke...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2017-10944
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2017-7411
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...
ILIAS Media Objects Component Cross-Site Scripting Vulnerability
ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, live chat, etc. Media Objects component is one of the media object components. A cross-site scripting vulnerability exists in the Media Objects component i...
UBUNTU-CVE-2017-15938
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation...
Type confusion
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file...