An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within...
Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ – (Thin Client) or (2) "DeviceName" field in...
In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by...
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable,...
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS Date published : 2019-04-18 http://www.securityfocus.com/bid/108039 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16878
A flaw was found in the way pacemaker’s client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to...
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie...
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root...
The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal. Date published : 2019-04-18 https://marketplace.atlassian.com/apps/43318/power-scripts-jira-script-automation/version-history https://www.detack.de/en/cve-2019-9005
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM...
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. Date published : 2019-04-18 http://www.securityfocus.com/bid/108036 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim...
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems. Date published...
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new...