This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-8834.
Category Archives: Advisories
ZDI-24-1256: PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8833.
ZDI-24-1255: PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-8832.
ZDI-24-1254: PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8831.
ZDI-24-1253: PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8830.
SEC Consult blog :: Microsoft Windows MSI Installer – Repair to SYSTEM – A detailed journey (CVE-2024-38014) + msiscan tool release
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 16
The SEC Consult Vulnerability Lab published a new blog post titled:
“Microsoft Windows MSI Installer – Repair to SYSTEM – A detailed journey”
covering the recent Microsoft September 2024 patch for CVE-2024-38014.
Blog URL:
———
https://r.sec-consult.com/msi
Author:
——-
Michael Baer, SEC Consult Vulnerability Lab
Abstract:
———
This article by our researcher Michael Baer for the SEC Consult Vulnerability Lab
will explain…
Stored XSS to Account Takeover – htmlyv2.9.9
Posted by Andrey Stoykov on Sep 16
# Exploit Title: Stored XSS to Account Takeover – htmlyv2.9.9
# Date: 9/2024
# Exploit Author: Andrey Stoykov
# Version: 2.9.9
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/08/friday-fun-pentest-series-9-stored-xss.html
Description:
– It was found that the application suffers from stored XSS
– Low level user having an “author” role can takeover admin account and
change their password via posting a malicious…
APPLE-SA-09-16-2024-10 macOS Ventura 13.7
Posted by Apple Product Security via Fulldisclosure on Sep 16
APPLE-SA-09-16-2024-10 macOS Ventura 13.7
macOS Ventura 13.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121234.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accounts
Available for: macOS Ventura
Impact: An app may be able to leak sensitive user information
Description: The…
APPLE-SA-09-16-2024-9 macOS Sonoma 14.7
Posted by Apple Product Security via Fulldisclosure on Sep 16
APPLE-SA-09-16-2024-9 macOS Sonoma 14.7
macOS Sonoma 14.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121247.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accounts
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: The issue was…
APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7
Posted by Apple Product Security via Fulldisclosure on Sep 16
APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7
iOS 17.7 and iPadOS 17.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121246.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
2nd generation and…