Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor

Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications...

EUVD-2022-25103

Malicious code in bioql PyPI...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVE-2022-1828

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

Code injection

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

PT-2023-31066 · Pdf24 · Pdf24 Creator

Name of the Vulnerable Software and Affected Versions: PDF24 Creator version 11.14.0 Description: An issue was discovered in the configuration of the msi installer file of PDF24 Creator, which produces a visible cmd.exe window when using the repair function of msiexec.exe. This allows an...

PDF24 Creator Security Vulnerability

PDF24 Creator is a completely free and useful PDF toolkit from PDF24 Open Source that makes it easy to create, edit and convert PDF files. A security vulnerability exists in PDF24 Creator version 11.14.0, which stems from the discovery that the configuration of the msi installer file generates a...

CVE-2023-49147

PDF24 Creator 11.14.0 contains a misconfigured MSI installer that shows a visible cmd.exe during the msiexec repair function, enabling a local unprivileged attacker to escalate to SYSTEM via actions like an oplock on faxPrnInst.log. The issue is publicly discussed by Red Hat and PT-Security, with...

PDF24 Creator 11.15.1 Local Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: PDF24 Creator geek Software GmbH vulnerable version: =11.15.1 fixed version: 11.15.2 CVE number: CVE-2023-49147...

WordPress PDF24 Articles To PDF Cross-site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin PDF24 Articles To PDF 4.2.2 and earlier versions are vulnerable to cross-site reques...

WordPress PDF24 Articles To PDF plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress PDF24 Articles To PDF plugin 4.2.2 and earlier versions have a cross-site request forgery...

CVE-2022-1828

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2022-1828

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2022-1827

The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Cross site request forgery (csrf)

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Cross site request forgery (csrf)

The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...