Security Bulletin 19 Oct 2022 – Cyber Security Agency of Singapore

Security Bulletin 19 Oct 2022 – Cyber Security Agency of Singapore

Security Bulletin 19 Oct 2022 – Cyber Security Agency of Singapore
CVE Number Description Base Score Reference CVE-2019-5924 Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5924 CVE-2019-6727 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of…
Source link

About coldfusion

Check Also

Ransomware actor exploits unsupported ColdFusion servers — but comes away empty-handed

Servers are always a point of interest for threat actors as they are one of …

Leave a Reply

Your email address will not be published. Required fields are marked *