75 matches found
Fedora 36 : rubygem-pdfkit (2022-3ec8272e72)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3ec8272e72 advisory. Update to 0.8.7. This new release fixes CVE-2022-25765. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 35 : rubygem-pdfkit (2022-6da143f1a2)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-6da143f1a2 advisory. Update to 0.8.7. This new release fixes CVE-2022-25765. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Exploit for CVE-2022-25765
CVE-2022-25765...
Exploit for CVE-2022-25765
CVE-2022-25765-pdfkit-Exploit-Reverse-Shell pdfkit 0.8.6 c...
[SECURITY] Fedora 37 Update: rubygem-pdfkit-0.8.7.2-1.fc37
Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...
Fedora: Security Advisory for rubygem-pdfkit (FEDORA-2022-6da143f1a2)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-RHWX-HJX2-X4QR PDFKit vulnerable to Command Injection
The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized. Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2...
PDFKit vulnerable to Command Injection
The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized. Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2...
PDFKit vulnerable to Command Injection
The package pdfkit from version 0.0.0 through version 0.8.6 is vulnerable to Command Injection where the URL is not properly sanitized...
CVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...
CVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...
CVE-2022-25765 Command Injection
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...
CVE-2022-25765
CVE-2022-25765 affects pdfkit (Ruby gem) with command injection in which pdfkit passes the user-supplied URL straight to wkhtmltopdf, allowing shell interpretation via backticks. Exploitation details show RCE via crafted URLs (e.g., http://example.comcmd), with multiple public PoCs/exploits and a...
CVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...
Apple PDFKit 安全漏洞
Apple PDFKit is one of Apple's Apple PDF document generation components. A security vulnerability exists in Apple PDFKit, which can be exploited by attackers to execute illegal commands...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection where the URL is not properly sanitized. NOTE: This issue was originally addressed in 0.8.7, but the fix was not complete. A complete fix was released in 0.8.7.2. PoC: An application could be vulnerable if it tries to...
GHSA-39V7-XPQ4-8884 PDFKit Improper Input Validation vulnerability
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...
PDFKit Improper Input Validation vulnerability
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...
CVE-2013-1607
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...
Remote code execution
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...