Advisories - Exodus Intelligence

SolarWinds Serv-u File Server Command Injection Vulnerability

September 27, 2021 No Comments

EIP-d3400c52 The Serv-U File Server supports site specific commands which may not be universally supported by all FTP clients. Among these is the SITE EXEC command which allows a user to execute programs and scripts remotely, if the execute permission is present on

McAfee DLP Agent Stack Buffer Overflow Remote Code Execution Vulnerability

September 17, 2021 No Comments

EIP-035220ca The vulnerability affects both Data Loss Prevention (DLP) Endpoint for Windows and the DLP Discover products from McAfee. The vulnerability is present within the included lasr.dll module, which is part of the Keyview SDK3 , and is responsible for parsing Ami Pro

Adobe Acrobat Reader Base URI Unicode String Heap Buffer Overflow Vulnerability

September 17, 2021 No Comments

EIP-47ea5148 A heap buffer overflow vulnerability exists in the IA32.api module of Adobe Acrobat and Acrobat Reader DC. Upon parsing a specially crafted PDF document containing URI entries with URI dictionaries and a specially crafted base URL defined with raw Unicode strings

Foxit PhantomPDF ConvertToPDF Arbitrary File Write Remote Code Execution Vulnerability

August 24, 2021 No Comments

EIP-884255a1 The vulnerability exists within an RPC interface listening on TCP port 6000, exposed by Foxit PhantomPDF. The ConvertToPDF method of the Creator object does not properly validate the bstrDestPathName argument, allowing arbitrary files to be written under the context of the

Foxit PhantomPDF CombineFiles Arbitrary File Write Remote Code Execution Vulnerability

August 24, 2021 No Comments

EIP-adf3136a The vulnerability exists within an RPC interface listening on TCP port 6000, exposed by Foxit PhantomPDF. The CombineFiles method of the Creator object does not properly validate the DestPDFFile argument, allowing arbitrary files to be written under the context of the

Foxit PhantomPDF ConnectedPDF DocSearch_Locator_Table SQL Injection Remote Code Execution Vulnerability

August 24, 2021 No Comments

EIP-68b878c6 The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and fails to sanitize input data before using it to construct SQL queries. This allows arbitrary files to

Foxit PhantomPDF ConnectedPDF ConnectedPDF_DRM_Table SQL Injection Remote Code Execution Vulnerability

August 24, 2021 No Comments

EIP-962d432f The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and fails to sanitize input data before using it to construct SQL queries. This allows arbitrary files to

Foxit PhantomPDF ConnectedPDF DocUpdate_Notify_Table SQL Injection Remote Code Execution Vulnerability

August 24, 2021 No Comments

EIP-6eceec3d The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and fails to sanitize input data before using it to construct SQL queries. This allows arbitrary files to

Foxit PhantomPDF extractPages Arbitrary File Write Remote Code Execution Vulnerability

August 24, 2021 No Comments

EIP-a5cba843 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The extractPages method of the Document object does not properly validate the export path argument, allowing arbitrary files to be written under the context of the user running PhantomPDF.

Foxit PhantomPDF loadHtmlView Context Level Bypass Vulnerability

August 23, 2021 No Comments

EIP-617871b4 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The loadHtmlView method of the app object invokes attacker-controlled JavaScript code in a privileged context. An attacker can create a specially crafted PDF file that will abuse this vulnerability

← Previous 1 … 6 7