7 matches found
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...
CVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...
CVE-2025-63918
CVE-2025-63918 affects the PDFPatcher executable. The root cause is insufficient validation of user-supplied file paths, enabling directory traversal attacks that allow attackers to upload arbitrary files to arbitrary locations. The entry notes a local attack vector with low complexity and high i...