{"vulnerability": "cve-2021-4072", "sightings": [{"uuid": "4d17bb9a-485a-40c2-af35-e9ef09957e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40724", "type": "published-proof-of-concept", "source": "Telegram/Y8KZH4iKLZNDV3OzlQacoZkHsOa4lWcU2LYqypPFXeeVEl4", "content": "", "creation_timestamp": "2025-06-15T21:00:05.000000Z"}, {"uuid": "adbb05b7-37fa-430b-8c57-89ffb4bca5c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40726", "type": "seen", "source": "https://t.me/cibsecurity/30185", "content": "\u203c CVE-2021-40726 \u203c\n\nAcrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:07.000000Z"}, {"uuid": "2af3eda8-815c-41f3-9c3e-32cc86a765ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40723", "type": "seen", "source": "https://t.me/cibsecurity/70063", "content": "\u203c CVE-2021-40723 \u203c\n\nAcrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-07T16:18:48.000000Z"}, {"uuid": "078fd624-ba0f-4b7d-b778-1c6562430682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40722", "type": "seen", "source": "https://t.me/cibsecurity/35461", "content": "\u203c CVE-2021-40722 \u203c\n\nAEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-14T00:23:57.000000Z"}, {"uuid": "605cef8d-0fc1-49e3-90c4-54019a884293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4072", "type": "seen", "source": "https://t.me/cibsecurity/34604", "content": "\u203c CVE-2021-4072 \u203c\n\nelgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-24T16:20:28.000000Z"}, {"uuid": "dc41ffb2-92e2-41a6-b41e-cd34ac7e97d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40724", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8594", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 RCE in Adobe Acrobat Reader For Android (CVE-2021-40724).\n\nhttps://hulkvision.github.io/blog/post1/", "creation_timestamp": "2022-01-16T07:02:54.000000Z"}, {"uuid": "4082e9ac-2ed0-472d-80bb-8bc4aaa64dc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40721", "type": "seen", "source": "https://t.me/cibsecurity/30629", "content": "\u203c CVE-2021-40721 \u203c\n\nAdobe Connect version 11.2.2 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T18:28:40.000000Z"}, {"uuid": "76162942-b62e-4a8b-85f5-82795a0d7717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40725", "type": "seen", "source": "https://t.me/cibsecurity/30180", "content": "\u203c CVE-2021-40725 \u203c\n\nAcrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:02.000000Z"}, {"uuid": "22e275b8-0a71-4890-bf0f-9d5b009d6379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40724", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1421", "content": "RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)\nanalysis: https://hulkvision.github.io/blog/post1/", "creation_timestamp": "2022-02-18T10:41:39.000000Z"}, {"uuid": "ba40f523-86ae-4735-a1ad-1067dcb0063e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40724", "type": "seen", "source": "https://t.me/cibsecurity/30644", "content": "\u203c CVE-2021-40724 \u203c\n\nAcrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T18:28:57.000000Z"}, {"uuid": "6633b72e-3e5b-410b-984c-3d9aa369a352", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40724", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1422", "content": "Here is exploitation flow of RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)", "creation_timestamp": "2022-09-09T04:38:57.000000Z"}, {"uuid": "7384e44b-9073-415f-ad06-c432e3aee60a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40724", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5215", "content": "#exploit\n1. CVE-2021-40724:\nRCE in Adobe Acrobat Reader for Android\nhttps://hulkvision.github.io/blog/post1\n\n2. CVE-2021-32648:\nOctoberCMS < 1.0.472 - Auth Bypass\nhttps://github.com/Immersive-Labs-Sec/CVE-2021-32648", "creation_timestamp": "2022-01-21T06:24:19.000000Z"}, {"uuid": "16ce3375-050c-416b-8f7c-76b690ac523d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40729", "type": "seen", "source": "Telegram/37Ze_ovLf-VknqNlNPEe0e3Srs6lUr5z6iWE1Clknu6xvTRF", "content": "", "creation_timestamp": "2022-01-31T18:03:57.000000Z"}]}