17848 matches found

NVD
added 2024/04/30 3:15 p.m. | 14 views

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

CVSS 8.8 | AI score 8.9 | EPSS 0.15639
Exploits: 1 | References: 2

OSV
added 2024/04/30 3:15 p.m. | 2 views

CVE-2024-25575

A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...

CVSS 8.8 | AI score 5.8 | EPSS 0.17716
Exploits: 1 | References: 2

NVD
added 2024/04/30 3:15 p.m. | 7 views

CVE-2024-25575

A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...

CVSS 8.8 | AI score 8.9 | EPSS 0.17716
Exploits: 1 | References: 2

Cvelist
added 2024/04/30 2:38 p.m. | 22 views

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

CVSS 8.8 | AI score 9.1 | EPSS 0.15639
Exploits: 1 | References: 1

CVE
added 2024/04/30 2:38 p.m. | 60 views

CVE-2024-25938

CVE-2024-25938 affects Foxit Reader 2024.1.0.23997 and is a use-after-free vulnerability in the Barcode widget. According to Talos, a specially crafted JavaScript in a malicious PDF can trigger reuse of a freed object, leading to memory corruption and potentially arbitrary code execution. Exploit...

CVSS 8.8 | AI score 7.1 | EPSS 0.15639
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2024/04/30 2:38 p.m. | 21 views

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

CVSS 8.8 | AI score 9.1 | EPSS 0.15639
Exploits: 1 | References: 1

CVE
added 2024/04/30 2:38 p.m. | 68 views

CVE-2024-25648

Foxit Reader 2024.1.0.23997 is affected by a use-after-free in the ComboBox handling that can be triggered when processing JavaScript in a malicious PDF or when visiting a crafted site with the browser plugin enabled. Talos provides concrete details on the vulnerable path: a ComboBox object is fr...

CVSS 8.8 | AI score 7.1 | EPSS 0.15639
Exploits: 1 | References: 2 | Affected Software: 2

Veracode
added 2024/04/30 6:24 a.m. | 16 views

Cross-site Scripting (XSS)

ajenti is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper filename sanitization within the File Manager, which allows an attacker to inject malicious JavaScript...

CVSS 6.1 | AI score 6.2 | EPSS 0.0356
Exploits: 5 | References: 5 | Affected Software: 1

Talos
added 2024/04/30 12:0 a.m. | 26 views

Foxit Reader Lock object fields property type confusion vulnerability

Talos Vulnerability Report TALOS-2024-1963 Foxit Reader Lock object fields property type confusion vulnerability April 30, 2024 CVE Number CVE-2024-25575 SUMMARY A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted...

CVSS 8.8 | AI score 8.9 | EPSS 0.17716
Exploits: 1

Talos
added 2024/04/30 12:0 a.m. | 36 views

Foxit Reader ComboBox widget Format event use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1959 Foxit Reader ComboBox widget Format event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25648 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript...

CVSS 8.8 | AI score 9 | EPSS 0.15639
Exploits: 1

Vulnrichment
added 2024/04/29 5:46 a.m. | 10 views

CVE-2024-4302 Super 8 livechat SDK - Cross-site Scripting

Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks...

CVSS 6.1 | AI score 6.4 | EPSS 0.00425
Exploits: 0 | References: 1

Veracode
added 2024/04/29 4:40 a.m. | 16 views

Cross-site Scripting (XSS)

Sidekiq is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of encoding within the Queues page in metrics.erb, which allows an attacker to inject JavaScript code through the substr parameter in the response, potentially compromising user accounts and data...

CVSS 5.5 | AI score 6.4 | EPSS 0.00594
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2024/04/29 12:0 a.m. | 22 views

Fedora 40 : firefox (2024-c6a1d4e0ec)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c6a1d4e0ec advisory. - New upstream release 125.0 ---- - New upstream release 124.0.2 Tenable has extracted the preceding description block directly from the Fedora...

CVSS 9.8 | AI score 7.3 | EPSS 0.00857
Exploits: 1 | References: 18

Tenable Nessus
added 2024/04/29 12:0 a.m. | 23 views

Fedora 40 : firefox (2024-8b5bd4ad5f)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-8b5bd4ad5f advisory. - New upstream version 124.0.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

CVSS 9.8 | AI score 8.5 | EPSS 0.22935
Exploits: 2 | References: 3

Tenable Nessus
added 2024/04/28 12:0 a.m. | 67 views

Foxit PDF Editor < 13.1 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1. It is, therefore, affected by multiple vulnerabilities: - In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScrip...

CVSS 8.8 | AI score 7.3 | EPSS 0.17716
Exploits: 3 | References: 53

Tenable Nessus
added 2024/04/28 12:0 a.m. | 74 views

Foxit PDF Editor < 11.2.9 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.9. It is, therefore, affected by multiple vulnerabilities: - In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via...

CVSS 8.8 | AI score 7.3 | EPSS 0.17716
Exploits: 3 | References: 53

Tenable Nessus
added 2024/04/28 12:0 a.m. | 26 views

RHEL 8 / 9 : OpenShift Container Platform 4.12.20 (RHSA-2023:3409)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3409 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

CVSS 9.8 | AI score 7.1 | EPSS 0.0156
Exploits: 0 | References: 5

Tenable Nessus
added 2024/04/28 12:0 a.m. | 78 views

Foxit PDF Editor < 12.1.5 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 12.1.5. It is, therefore, affected by multiple vulnerabilities: - In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via...

CVSS 8.8 | AI score 7.3 | EPSS 0.17716
Exploits: 3 | References: 53

The Hacker News
added 2024/04/27 12:47 p.m. | 151 views

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs...

CVSS 9.3 | AI score 8.1 | EPSS 0.89889
Exploits: 14

OSV
added 2024/04/26 9:2 p.m. | 21 views

CVE-2024-32887 Reflected XSS in sidekiq

Sidekiq is simple, efficient background processing for Ruby. Sidekiq is affected by a reflected XSS vulnerability. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the application. An attacker could exploit it t...

CVSS 5.5 | AI score 5.3 | EPSS 0.00594
Exploits: 0 | References: 5