<![CDATA[ZDI: Published Advisories]]> http://www.zerodayinitiative.com/advisories/published/ Wed Jan 18 22:39:50 2017 +0000 zdi@hp.com (Author) Tippingpoint, all rights reserved ZDI Bird Feeder en http://blogs.law.harvard.edu/tech/rss <![CDATA[ZDI-17-043: Advantech WebAccess updateTemplate SQL Injection Information Disclosure Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/olD2Sk83d4M/ This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/olD2Sk83d4M" height="1" width="1" alt=""/> Thu, 12 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-043/ <![CDATA[ZDI-17-042: Foxit PhantomPDF ConvertToPDF TIFF Parsing Memory Corruption Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/JMsSmiWuNJs/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/JMsSmiWuNJs" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-042/ <![CDATA[ZDI-17-041: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/NpgllY8JAYc/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/NpgllY8JAYc" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-041/ <![CDATA[ZDI-17-040: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/phQhM3m9NO4/ This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/phQhM3m9NO4" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-040/ <![CDATA[ZDI-17-039: Foxit PhantomPDF ConvertToPDF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/aj_tCpPykNM/ This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/aj_tCpPykNM" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-039/ <![CDATA[ZDI-17-038: Foxit Reader setInterval Use-After-Free Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Zb3ONDXcjsc/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/Zb3ONDXcjsc" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-038/ <![CDATA[ZDI-17-037: Foxit Reader Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/jeM4g6WLc0U/ This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/jeM4g6WLc0U" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-037/ <![CDATA[ZDI-17-036: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/G_ziWxRCtAo/ This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/G_ziWxRCtAo" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-036/ <![CDATA[ZDI-17-035: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sFHQpg6ADS4/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/sFHQpg6ADS4" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-035/ <![CDATA[ZDI-17-034: Foxit Reader alert Use-After-Free Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Pyr8sXuq_nk/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/Pyr8sXuq_nk" height="1" width="1" alt=""/> Wed, 11 Jan 2017 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-17-034/