46 matches found
CVE-2020-6313
SAP NetWeaver Application Server Java (XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated user with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...
CVE-2020-6313
CVE-2020-6313 affects SAP NetWeaver Application Server Java (XML Forms) on versions 7.30, 7.31, 7.40, 7.50. The root cause is insufficient encoding of user-controlled inputs, enabling an authenticated user with special roles to store content that, when accessed by a victim, can execute JavaScript...
CVE-2018-17671
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
SAP NetWeaver Knowledge Management (XMLForms) XML External Entity Injection Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. An XML external entity injection vulnerability exists in Knowledge Management XMLForms in SAP NetWeaver, which can be exploited by an attacker to gain...
Foxit Reader JavaScript XFA Use After Free (CVE-2018-3850)
A use after free vulnerability exists in Foxit Reader. This vulnerability is due to improper handling of freed JavaScript XML Forms Architecture objects...
Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CNVD-2018-15093)
Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. It is free to use and runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...
Foxit Reader XFA subform remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA subform element, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
Foxit Reader XFA Button Remote Code Execution Vulnerability (CNVD-2018-09950)
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the XFA Button element, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a failure to validate an object befor...
A vulnerability in the XFA program visualization mechanism in Adobe Reader and Document Cloud, as well as in the Adobe Acrobat programs for editing PDF files in Document Cloud, allows an attacker to execute arbitrary code.
The vulnerability in the XFA program visualization mechanism in Adobe Reader, Document Cloud, and Adobe Acrobat Document Cloud PDF file editing programs is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remote...
CVE-2017-11223
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution...
Vulnerabilities in programs for viewing and editing PDF files, such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud, allow attackers to execute arbitrary code.
The vulnerability in the XFA module of programs that read and edit PDF files, such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud, is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execut...
Adobe Acrobat and Reader Integer Overflow (APSB17-11: CVE-2017-3034)
An integer overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a parsing error in the XML Forms Architecture (XFA) engine in Adobe Reader and Acrobat. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
CVE-2017-3035
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution...
CVE-2017-3034
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...
CVE-2017-3014
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution...
Design/Logic Flaw
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution...
CVE-2017-3035
Adobe Acrobat Reader (affected: 11.0.19 and earlier; 15.006.30280 and earlier; 15.023.20070 and earlier) contains a use-after-free vulnerability in the XML Forms Architecture (XFA) engine (CVE-2017-3035). Exploitation could lead to arbitrary code execution. The connected documents acknowledge CVE...
CVE-2017-3014
Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, and 15.023.20070 and earlier is affected by a use-after-free in the XML Forms Architecture (XFA) related to reset form functionality. The vulnerability can lead to arbitrary code execution when exploited locally via crafted ...