This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. Date published : 2020-02-13 http://packetstormsecurity.com/files/156331/SuiteCRM-7.11.10-SQL-Injection.html http://seclists.org/fulldisclosure/2020/Feb/7
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. Date published : 2020-02-13 http://packetstormsecurity.com/files/156329/SuiteCRM-7.11.11-Broken-Access-Control-Local-File-Inclusion.html http://seclists.org/fulldisclosure/2020/Feb/6
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. Date published : 2020-02-13 http://packetstormsecurity.com/files/156327/SuiteCRM-7.11.11-Bean-Manipulation.html http://seclists.org/fulldisclosure/2020/Feb/5
SuiteCRM through 7.11.11 allows PHAR Deserialization. Date published : 2020-02-13 http://packetstormsecurity.com/files/156324/SuiteCRM-7.11.11-Phar-Deserialization.html http://seclists.org/fulldisclosure/2020/Feb/4
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. Date published : 2020-02-13 http://packetstormsecurity.com/files/156321/SuiteCRM-7.11.11-Second-Order-PHP-Object-Injection.html https://seclists.org/fulldisclosure/2020/Feb/3
An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. Date...
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. Date published : 2020-02-13...
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. Date published...
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. Date published...
Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-02-13 https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. Date published : 2020-02-13 https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html