|
224191
|
9.8 |
CRITICAL
Network
|
arox
|
school-erp
|
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
|
CWE-287 CWE-434
Improper Authentication; Unrestricted Upload of File with Dangerous Type
|
CVE-2019-13294
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224192
|
9.8 |
CRITICAL
Network
|
weberp
|
weberp
|
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a S…
|
CWE-89
SQL Injection
|
CVE-2019-13292
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224193
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13291
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224194
|
7.8 |
HIGH
Local
|
artifex
|
mupdf
|
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13290
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224195
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdf…
|
CWE-416
Use After Free
|
CVE-2019-13289
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224196
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-13288
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224197
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdfreader
|
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13287
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224198
|
5.5 |
MEDIUM
Local
|
glyphandcog fedoraproject
|
xpdfreader fedora
|
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13286
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224199
|
7.8 |
HIGH
Local
|
glyphandcog fedoraproject
|
xpdfreader fedora
|
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a cra…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13282
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|
|
224200
|
7.8 |
HIGH
Local
|
glyphandcog fedoraproject
|
xpdfreader fedora
|
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF d…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13281
|
2024-11-21 13:24 |
2019-07-5 |
|
|
|