|
265531
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge cal…
|
CWE-284
Improper Access Control
|
CVE-2016-4064
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265532
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.
|
NVD-CWE-Other
|
CVE-2016-4063
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265533
|
5.5 |
MEDIUM
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.
|
CWE-19
Data Processing Errors
|
CVE-2016-4062
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265534
|
7.5 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
|
CWE-20
Improper Input Validation
|
CVE-2016-4061
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265535
|
7.5 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-4060
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265536
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.
|
NVD-CWE-Other
|
CVE-2016-4059
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265537
|
5.5 |
MEDIUM
Local
|
opensuse
giflib_project
|
opensuse
giflib
|
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-3977
|
2024-11-21 11:51 |
2016-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265538
|
7.2 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
|
CWE-89
SQL Injection
|
CVE-2016-4040
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265539
|
8.8 |
HIGH
Local
|
xen
fedoraproject
oracle
|
xen
fedora
vm_server
|
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
|
CWE-264
NVD-CWE-Other
Permissions, Privileges, and Access Controls
|
CVE-2016-3960
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265540
|
2.7 |
LOW
Network
|
dotcms
|
dotcms
|
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
|
CWE-22
Path Traversal
|
CVE-2016-3972
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
