378 matches found
PDF Light Viewer < 1.4.12 - Authenticated Command Injection
The plugin allows users with the Author role to execute arbitrary OS commands on the server via OS command injection when invoking Ghostscript. 1. Go to Import PDF. 2. Select PDF file. 3. Set compression as 60 | calc | echo 4. Toggle import the first checkbox. 5. Publish or update. 6. Command executes...
Description of the security update for SharePoint Server 2019: June 8, 2021 (KB5001944)
Description of the security update for SharePoint Server 2019: June 8, 2021 (KB5001944). Summary: This security update resolves a Microsoft SharePoint remote code execution vulnerability, SharePoint spoofing vulnerability, SharePoint Server remote code execution vulnerability, and SharePoint Server...
Fedora: Security Advisory for lightsoff (FEDORA-2021-303f6623fa)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
feature-toggle-manager (>=0.0.1 <=0.0.2), hazard-feed (>=0.2.0 <=0.2.5) potentially affected by CVE-2020-35681 via channels (>=3.0.0 <=3.0.2)
channels PYPI version =3.0.0, =0.0.1, =0.2.0, =0.2.5 Source cves: CVE-2020-35681 Source advisory: OSV:GHSA-V542-8Q9X-CFFC...
feature-toggle-manager (>=0.0.1 <=0.0.2), hazard-feed (>=0.2.0 <=0.2.5) potentially affected by CVE-2020-35681 via channels (>=3.0.0 <=3.0.2)
channels PYPI version =3.0.0, =0.0.1, =0.2.0, =0.2.5 Source cves: CVE-2020-35681 Source advisory: OSV:PYSEC-2021-113...
How NOT to fail at PDF redaction
The heated spat between Europe and AstraZeneca over a contract has segued into an unexpected blunder that left many of us chuckling and surprised at the same time. Perhaps even feeling a bit awkward. Recently, the European Commission published a PDF version of the contract it had with AstraZeneca...
Mozilla: Software keyboards may have remembered typed passwords
Some websites have a "Show Password" feature where clicking a button changes a password field into a text field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...
Linux kernel memory leak vulnerability (CNVD-2019-41709)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory disclosure vulnerability exists in the 'i2400m_op_rfkill_sw_toggle' function in the drivers/net/wimax/i2400m/op-rfkill.c file in versions of Linux kernel prior to...
CVE-2019-19051
A memory leak in the i2400m_op_rfkill_sw_toggle function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7...
October 2, 2018, update for Office 2016 (KB4011669)
October 2, 2018, update for Office 2016 (KB4011669). This article describes update 4011669 for Microsoft Office 2016 that was released on October 2, 2018. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of...
PT-2019-4097 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.11. Description: A memory leak in the i2400m_op_rfkill_sw_toggle function in the Linux kernel allows attackers to cause a denial of service (memory consumption). This issue is related to uncontrolled resource...
CVE-2019-14795
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=updatetitleoptions isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter...
CVE-2017-18399
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)...
PT-2019-18323 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.4.1.16828 Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The...
August 9, 2016 — KB3176495 (OS Build 14393.51)
August 9, 2016 — KB3176495 (OS Build 14393.51). This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability for Internet Explorer 11. Addressed issue to keep pen click settings after...
Open-Xchange App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. mail compose is one of the mail editing components. A cross-site scripting vulnerability exists in the mail compose...
CVE-2018-5165
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...
CVE-2018-5110
If cursor visibility is toggled by script from 'none' to an image and back, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox 58...
Zomato: [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php
Introduction: In the following ██████████ the endpoint /php/restaurant_menus_handler.php was found. This endpoint is meant solely to be accessible for admins, however due to insufficient protections normal users can access this endpoint too. This results in any Zomato user being able to edit and...
polarkoru.fi XSS vulnerability
Vulnerable URL: http://www.polarkoru.fi/itemdetail.php?n=PKR-20335=Fresh Water Pearl Bracelet. Toggle catch 925 Sterling Silver.=item/20110425231349/www.PolarKoru 20335.jpg"';-- Details: Patched: No. Latest check for patch: 21.11.2017. Vulnerability type: XSS...