Tag
### Impact Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. ### Patches Fixed by 734ee8e that’s included in 61.2 ### Workarounds - Check that no PDF attachment is defined in source HTML. - Launch WeasyPrint in a sandbox that prevents access to the filesystem and the network.
By Uzair Amir Stay up to date on the ever-changing trends and enhance your internet security with traditional VPNs. Not only do they provide an extra layer of protection, but they also come with plenty of entertainment credentials! This is a post from HackRead.com Read the original post: VPN Evolution: Security and Entertainment Essentials Amid Rising Digital Risks
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort or Wireshark, but
By Deeba Ahmed The CHAVECLOAK banking Trojan employs PDFs, ZIP downloads, DLL sideloading, and deceptive pop-ups to target Brazil's unsuspecting banking users financial sector. This is a post from HackRead.com Read the original post: New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs
SumatraPDF version 3.5.2 suffers from a DLL hijacking vulnerability using CRYPTBASE.DLL. DLL hijacking in this version was already discovered by Ravishanka Silva in February of 2024 but the findings did not include this DLL.
A-PDF All to MP3 Converter version 2.0.0 overflow exploit with DEP Bypass with HeapCreate + HeapAlloc + some_memory_copy_function ROP chain.
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, inviting diplomatic staff to a wine-tasting
Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.
By Deeba Ahmed Russian hackers, part of Russia’s Main Intelligence Directorate of the General Staff, are using compromised Ubiquiti EdgeRouters to… This is a post from HackRead.com Read the original post: FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation