CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. • https://pdf-insecurity.org/signature/evaluation_2018.html https://pdf-insecurity.org/signature/signature.html https://www.foxitsoftware.com/support/security-bulletins.php https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6496 – Visagesoft eXPert PDF EditorX - 'VSPDFEditorX.ocx' Insecure Method
https://notcve.org/view.php?id=CVE-2008-6496
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. Vulnerabilidad de método inseguro en el control ActiveX VSPDFEditorX.VSPDFEdit en VSPDFEditorX.ocx v1.0.200.0 en VISAGESOFT eXPert PDF EditorX permite a atacantes remotos crear o sobre escribir ficheros de su elección a través de un primer argumento del método extractPagesToFile. • https://www.exploit-db.com/exploits/7358 http://secunia.com/advisories/32990 http://www.securityfocus.com/bid/32664 https://exchange.xforce.ibmcloud.com/vulnerabilities/47166 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 14%CPEs: 1EXPL: 2CVE-2008-4919 – Visagesoft eXPert PDF ViewerX - 'VSPDFViewerX.ocx' File Overwrite
https://notcve.org/view.php?id=CVE-2008-4919
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. Vulnerabilidad de método no seguro en el control ActiveX de VISAGESOFT eXPert PDF Viewer X (VSPDFViewerX.ocx) v3.0.990.0; permite a atacantes remotos sobrescribir ficheros de su elección a través de un nombre de ruta completo al método savePageAsBitmap. • https://www.exploit-db.com/exploits/6875 http://secunia.com/advisories/32426 http://securityreason.com/securityalert/4558 http://www.securityfocus.com/bid/31984 https://exchange.xforce.ibmcloud.com/vulnerabilities/46218 • CWE-20: Improper Input Validation •