218 matches found
Code injection
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
Code injection
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
CVE-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
CVE-2021-40087
PrimeKey EJBCA before version 7.6.0 is affected by an issue where modifications to enrollment-secret alias configurations for protocols SCEP, CMP, and EST are logged in cleartext in the audit log (administrator-accessible). The vulnerability arises from audit logging changes to alias configuratio...
CVE-2021-40087
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
CVE-2021-40088
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...
WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Sun Cyber Security Research Team Patchstack Red Team member in WordPress CMP – Coming Soon & Maintenance plugin versions = 4.0.9. Solution Update the WordPress CMP – Coming Soon & Maintenance plugin to the...
WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.9 - Authenticated Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by Ngo Van Thien Sun Cyber Security Research Team Patchstack Red Team member in WordPress CMP – Coming Soon & Maintenance plugin versions = 4.0.9. Solution Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available versio...
CVE-2021-31435
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2021-31435
Foxit Studio Photo 3.6.6.931 is affected by a CMP file parsing vulnerability caused by uninitialized memory access, enabling remote code execution. Exploitation requires user interaction (e.g., visiting a malicious page or opening a malicious file). The issue is documented across multiple sources...
CVE-2021-31435
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit Studio Photo CMP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2020-17429
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2020-17428
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2020-17436
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2020-17428
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2020-17436
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2020-17429
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2020-17433
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...