16 matches found
EUVD-2018-9044
Malware in sbrugna...
EUVD-2018-9045
Malware in sbrugna...
EUVD-2018-9043
Malware in sbrugna...
CVE-2018-17289
An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...
CVE-2018-17287
In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation...
Cross site scripting
Kofax Front Office Server version 4.1.1.11.0.5212 both Thin Client and Administration Console suffers from multiple authenticated stored XSS vulnerabilities via the 1 "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - Thin Client or 2 "DeviceName" field in...
CVE-2018-17288
Kofax Front Office Server version 4.1.1.11.0.5212 both Thin Client and Administration Console suffers from multiple authenticated stored XSS vulnerabilities via the 1 "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - Thin Client or 2 "DeviceName" field in...
Design/Logic Flaw
In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation...
CVE-2018-17289
An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...
CVE-2018-17287
In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation...
CVE-2018-17288
Kofax Front Office Server version 4.1.1.11.0.5212 both Thin Client and Administration Console suffers from multiple authenticated stored XSS vulnerabilities via the 1 "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - Thin Client or 2 "DeviceName" field in...
Xxe
An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...
CVE-2018-17289
An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...
CVE-2018-17288
Kofax Front Office Server version 4.1.1.11.0.5212 both Thin Client and Administration Console suffers from multiple authenticated stored XSS vulnerabilities via the 1 "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - Thin Client or 2 "DeviceName" field in...
CVE-2018-17287
In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation...
CVE-2018-17287
CVE-2018-17287 affects Kofax Front Office Server Administration Console (version 4.1.1.11.0.5212). The issue arises because some fields (e.g., passwords) are obfuscated in the front-end but can be exfiltrated via the back-end download feature (mfp.password downloadsettingvalue operation). This co...