
27 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 1 views

Astra Linux - vulnerability in poppler-22, poppler

In Poppler 22.07.0, the PDFDoc::savePageAs function in PDFDoc.c allows attackers to cause a denial of service (the application crashes with SIGABRT) by manipulating a PDF file in which the xref data structure is improperly handled during the getCatalog process. Note that this vulnerability i...

CVSS 6.5 · AI score 6.8 · EPSS 0.00064
Exploits: 1 · References: 2

RedhatCVE
added 2026/03/27 4:59 a.m. · 2 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

CVSS 8.8 · AI score 5.9 · EPSS 0.00002
Exploits: 1 · References: 1

CVE
added 2025/12/29 12:0 a.m. · 6 views

CVE-2024-25182

Affected software: givanz VvvebJs 1.7.2. The CVE describes a file upload vulnerability via save.php, with a CVSS v3.1 base score of 9.8 (CRITICAL), attack vector NETWORK, no user interaction, and impact to confidentiality, integrity, and availability (H, H, H). Root cause is a file upload flaw in...

CVSS 9.8 · AI score 6.6 · EPSS 0.0035
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2025/12/17 11:15 p.m. · 2 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

CVSS 5.4 · EPSS 0.00024
Exploits: 1 · References: 3

EUVD
added 2025/11/19 7:6 p.m. · 2 views

EUVD-2025-198230

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

CVSS 8.7 · AI score 6.4 · EPSS 0.00064
Exploits: 3 · References: 2

CNVD
added 2024/12/18 12:0 a.m. · 1 views

Online Class and Exam Scheduling System teacher_save.php File SQL Injection Vulnerability

Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System has a SQL injection vulnerability that stems from a lack of sufficient input validation for the salut parameter in the file /pages/teachersave.php. No details of the...

CVSS 9.8 · AI score 8.1 · EPSS 0.00188
Exploits: 1 · References: 1

CNNVD
added 2024/07/30 12:0 a.m. · 2 views

itsourcecode Alton Management System SQL injection vulnerability

itsourcecode Alton Management System is an online restaurant management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Alton Management System, which is caused by an SQL injection vulnerability in the category function of the /admin/categorysave.php...

CVSS 7.2 · AI score 5.8 · EPSS 0.00074
Exploits: 1 · References: 2

RedHat Linux
added 2024/05/16 6:53 p.m. · 3 views

Mozilla: Use-after-free could occur when printing to PDF

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash...

CVSS 8.8 · AI score 7.3 · EPSS 0.00464
Exploits: 1 · References: 6

RedHat Linux
added 2024/05/16 5:46 p.m. · 4 views

Mozilla: Use-after-free could occur when printing to PDF

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash...

CVSS 8.8 · AI score 7.3 · EPSS 0.00464
Exploits: 1 · References: 6

CNNVD
added 2023/08/22 12:0 a.m. · 1 views

Freedesktop Poppler security vulnerability

Freedesktop Poppler is a Freedesktop community C++ class library for generating PDFs, which is inherited from Xpdf PDF reader. A security vulnerability exists in Freedesktop Poppler version 22.07.0, which stems from a denial-of-service vulnerability in PDFDoc::savePageAs in PDFDoc.c. The...

CVSS 6.5 · AI score 6.8 · EPSS 0.00064
Exploits: 1 · References: 7

SUSE CVE
added 2023/02/15 5:1 a.m. · 1 views

SUSE CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVSS 3.1 · AI score 8.7 · EPSS 0.00633
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 4:26 a.m. · 1 views

SUSE CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

CVSS 6.1 · AI score 8.3 · EPSS 0.00293
Exploits: 0 · References: 4

OSV
added 2020/04/07 7:15 p.m. · 0 views

CVE-2020-11508

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wpajaxcore37lpsavepage aka core37lpsavepage AJAX action...

CVSS 5.4 · AI score 6.2 · EPSS 0.00174
Exploits: 2 · References: 1

Positive Technologies
added 2020/04/07 12:0 a.m. · 3 views

PT-2020-12655 · WordPress · Wp Lead Plus X

Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin versions through 0.98 Description: The issue allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the "wp ajax core37 lp save page"...

CVSS 5.4 · AI score 7.2 · EPSS 0.00174
Exploits: 2 · References: 6

Packet Storm
added 2020/03/24 12:0 a.m. · 163 views

UliCMS 2020.1 Cross Site Scripting

Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-03-24 Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows CVE : N/A Vulnerability : Stored Cross-Site...

AI score 7.4
Exploits: 0

0day.today
added 2020/03/24 12:0 a.m. · 121 views

UliCMS 2020.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows CVE : N/A Vulnerabilit...

AI score 7.1
Exploits: 0

RedhatCVE
added 2019/04/04 8:20 a.m. · 16 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

CVSS 6.5 · AI score 2.4 · EPSS 0.00293
Exploits: 0 · References: 2

OSV
added 2019/02/28 6:29 p.m. · 1 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

CVSS 6.5 · AI score 7.4 · EPSS 0.00293
Exploits: 0 · References: 6

Prion
added 2019/02/28 6:29 p.m. · 9 views

Design/Logic Flaw

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

CVSS 4.3 · AI score 7.1 · EPSS 0.00293
Exploits: 0 · References: 6 · Affected Software: 2

Cvelist
added 2019/02/28 6:0 p.m. · 13 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

AI score 7.2 · EPSS 0.00293
Exploits: 0 · References: 6