CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Arch... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-6496 – Visagesoft eXPert PDF EditorX - 'VSPDFEditorX.ocx' Insecure Method
https://notcve.org/view.php?id=CVE-2008-6496
20 Mar 2009 — Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. Vulnerabilidad de método inseguro en el control ActiveX VSPDFEditorX.VSPDFEdit en VSPDFEditorX.ocx v1.0.200.0 en VISAGESOFT eXPert PDF EditorX permite a atacantes remotos crear o sobre escribir ficheros de su elección a través de un primer argumento del... • https://www.exploit-db.com/exploits/7358 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-4919 – Visagesoft eXPert PDF ViewerX - 'VSPDFViewerX.ocx' File Overwrite
https://notcve.org/view.php?id=CVE-2008-4919
04 Nov 2008 — Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. Vulnerabilidad de método no seguro en el control ActiveX de VISAGESOFT eXPert PDF Viewer X (VSPDFViewerX.ocx) v3.0.990.0; permite a atacantes remotos sobrescribir ficheros de su elección a través de un nombre de ruta completo al método savePageAsBitmap. • https://www.exploit-db.com/exploits/6875 • CWE-20: Improper Input Validation •