
28 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in poppler-22, poppler

In Poppler 22.07.0, the PDFDoc::savePageAs function in PDFDoc.c allows attackers to cause a denial of service (the application crashes with SIGABRT) by manipulating a PDF file in which the xref data structure is improperly handled during the getCatalog process. Note that this vulnerability i...

6.5 CVSS · 6.8 AI score · 0.00921 EPSS
Exploits 1 · References 2
RedhatCVE
added 2026/03/27 4:59 a.m. · 4 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS · 5.9 AI score · 0.00445 EPSS
Exploits 1 · References 1
CVE
added 2025/12/29 12:00 a.m. · 14 views

CVE-2024-25182

Affected software: givanz VvvebJs 1.7.2. The CVE describes a file upload vulnerability via save.php, with a CVSS v3.1 base score of 9.8 (CRITICAL), attack vector NETWORK, no user interaction, and impact to confidentiality, integrity, and availability (H, H, H). Root cause is a file upload flaw in...

9.8 CVSS · 6.6 AI score · 0.00333 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2025/12/17 11:15 p.m. · 4 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4 CVSS · 0.00267 EPSS
Exploits 1 · References 3
EUVD
added 2025/11/19 7:06 p.m. · 3 views

EUVD-2025-198230

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

8.7 CVSS · 6.4 AI score · 0.00331 EPSS
Exploits 3 · References 2
CNVD
added 2024/12/18 12:00 a.m. · 1 view

Online Class and Exam Scheduling System teacher_save.php File SQL Injection Vulnerability

Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System has a SQL injection vulnerability that stems from a lack of sufficient input validation for the salut parameter in the file /pages/teacher_save.php. No details of the...

9.8 CVSS · 8.1 AI score · 0.00709 EPSS
Exploits 1 · References 1
CNNVD
added 2024/07/30 12:00 a.m. · 5 views

itsourcecode Alton Management System SQL injection vulnerability

itsourcecode Alton Management System is an online restaurant management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Alton Management System, which is caused by an SQL injection vulnerability in the category function of the /admin/categorysave.php...

7.2 CVSS · 5.8 AI score · 0.00597 EPSS
Exploits 1 · References 2
RedHat Linux
added 2024/05/16 6:53 p.m. · 7 views

Mozilla: Use-after-free could occur when printing to PDF

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash...

8.8 CVSS · 7.3 AI score · 0.00592 EPSS
Exploits 1 · References 6
RedHat Linux
added 2024/05/16 5:46 p.m. · 6 views

Mozilla: Use-after-free could occur when printing to PDF

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash...

8.8 CVSS · 7.3 AI score · 0.00592 EPSS
Exploits 1 · References 6
CNNVD
added 2023/08/22 12:00 a.m. · 2 views

Freedesktop Poppler security vulnerability

Freedesktop Poppler is a Freedesktop community C++ class library for generating PDFs, which is inherited from Xpdf PDF reader. A security vulnerability exists in Freedesktop Poppler version 22.07.0, which stems from a denial-of-service vulnerability in PDFDoc::savePageAs in PDFDoc.c. The...

6.5 CVSS · 6.8 AI score · 0.00921 EPSS
Exploits 1 · References 7
SUSE CVE
added 2023/02/15 5:01 a.m. · 2 views

SUSE CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

3.1 CVSS · 8.7 AI score · 0.0126 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 4:26 a.m. · 3 views

SUSE CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

6.1 CVSS · 8.3 AI score · 0.01406 EPSS
Exploits 0 · References 4
OSV
added 2020/04/07 7:15 p.m. · 1 view

CVE-2020-11508

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action...

5.4 CVSS · 6.2 AI score · 0.00784 EPSS
Exploits 2 · References 1
Positive Technologies
added 2020/04/07 12:00 a.m. · 5 views

PT-2020-12655 · WordPress · Wp Lead Plus X

Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin versions through 0.98 Description: The issue allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the "wp ajax core37 lp save page"...

5.4 CVSS · 7.2 AI score · 0.00784 EPSS
Exploits 2 · References 6
0day.today
added 2020/03/24 12:00 a.m. · 123 views

UliCMS 2020.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows CVE : N/A Vulnerabilit...

7.1 AI score
Exploits 0
Packet Storm
added 2020/03/24 12:00 a.m. · 165 views

UliCMS 2020.1 Cross Site Scripting

Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-03-24 Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows CVE : N/A Vulnerability : Stored Cross-Site...

7.4 AI score
Exploits 0
BDU FSTEC
added 2019/12/03 12:00 a.m. · 3 views

The vulnerability of the WebBrowserPersist component in the Firefox browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the WebBrowserPersist component in the Firefox browser is related to errors that occur when executing the “Save Page As…” function. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...

7.8 CVSS · 7.1 AI score · 0.01406 EPSS
Exploits 0 · References 6 · Affected Software 3
RedhatCVE
added 2019/04/04 8:20 a.m. · 20 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

6.5 CVSS · 2.4 AI score · 0.01406 EPSS
Exploits 0 · References 2
OSV
added 2019/02/28 6:29 p.m. · 2 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

6.5 CVSS · 7.4 AI score · 0.01406 EPSS
Exploits 0 · References 6
Prion
added 2019/02/28 6:29 p.m. · 11 views

Design/Logic Flaw

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

4.3 CVSS · 7.1 AI score · 0.01406 EPSS
Exploits 0 · References 6 · Affected Software 2