Friday, March 21, 2025

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library

Home
Security Creators Network
Webinars
Events
- Upcoming Events
- On-Demand Events
Sponsored Content
Chat
Library
Related Sites
Media Kit
About
Sponsor

Analytics
AppSec
CISO
Cloud
DevOps
GRC
Identity
Incident Response
IoT / ICS
Threats / Breaches
More
Humor

Sean Melia
Blog

SSRF and XXE Vulnerabilities in PDFreactor

SSRF and XXE Vulnerabilities in PDFreactor

Sean Melia | May 28, 2019

Aon’s Cyber Solutions recently discovered two vulnerabilities in RealObjects PDFreactior prior to version 10.1.10722 in the default configuration. The identified vulnerabilities allow attackers to perform Server-Side Request Forgery (SSRF) and XML External Entity Injection (XXE) attacks in cases where PDFreactor is used to process user-controllable HTML over a network. Exploitation ... Read More

Techstrong TV

Click full-screen to enable volume control

Watch latest episodes and shows

Networking Field Day

Upcoming Webinars

Optimizing Hybrid Cloud Resiliency and Security

Securing Open Source Software Supply Chains – The Next Frontier of Innovation

Full Content Inspection: The New Standard for Network Security

The 2025 Guide to Open Source Security and Risk

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

Most Read on the Boulevard

New Akira Ransomware Decryptor Leans on Nvidia GPU Power

Trend Micro Open Sources Cybertron LLM for Cybersecurity

Microsoft Won’t Fix This Bad Zero Day (Despite Wide Abuse)

Bedrock Security Embraces Generative AI and Graph Technologies to Improve Data Security

“My Vas Pokhoronim!”

Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)

Tackling Data Overload: Strategies for Effective Vulnerability Remediation

CIAM Basics: A Comprehensive Guide to Customer Identity and Access Management in 2025

News alert: Link11’s research shows DDoS attacks are more targeted — and doubled — year-over-year

My Take: Here’s why Google’s $32B Wiz grab is the latest Big Tech leap sure to further erode privacy

Industry Spotlight

Analytics & Intelligence Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Most Read This Week News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities

Microsoft Won’t Fix This Bad Zero Day (Despite Wide Abuse)

March 20, 2025 Richi Jennings | 1 day ago 0

Cloud Security Cybersecurity Data Privacy Data Security Featured Industry Spotlight Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches

HP Intros Printers with Protection Against Quantum Cyberattacks

March 19, 2025 Jeffrey Burt | 2 days ago 0

Cloud Security Cybersecurity Data Security Featured Industry Spotlight Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches

Symantec Uses OpenAI Operator to Show Rising Threat of AI Agents

March 14, 2025 Jeffrey Burt | Mar 14 0

Top Stories

Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Ex-Michigan, Ravens Football Coach Charged with Hacking Athlete Accounts

March 21, 2025 Jeffrey Burt | Yesterday 0

Application Security Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Report Surfaces Sharp Increase in Cyberattacks Aimed at Applications

March 21, 2025 Michael Vizard | Yesterday 0

Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Report: More Attacks Aimed at Android Devices Configured with Root Access

March 20, 2025 Michael Vizard | 1 day ago 0

Download Free eBook

Managing the AppSec Toolstack

Join the Community

Add your blog to Security Creators Network
Write for Security Boulevard
Bloggers Meetup and Awards
Ask a Question
Email: [email protected]

Useful Links

About
Media Kit
Sponsor Info
Copyright
TOS
DMCA Compliance Statement
Privacy Policy

Related Sites

Techstrong Group
Cloud Native Now
DevOps.com
Digital CxO
Techstrong Research
Techstrong TV
Techstrong.tv Podcast
DevOps Chat
DevOps Dozen
DevOps TV

Powered by Techstrong Group

Copyright © 2025 Techstrong Group Inc. All rights reserved.