Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Endpoint Application Control Security Vulnerabilities

cve
cve

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-15 09:15 PM
22
cve
cve

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

9.8CVSS

9.8AI Score

0.975EPSS

2023-01-18 06:15 PM
685
In Wild
cve
cve

CVE-2018-10357

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this...

8.8CVSS

8.9AI Score

0.028EPSS

2018-05-23 04:29 PM
17
cve
cve

CVE-2018-6316

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in...

7.5CVSS

7.3AI Score

0.001EPSS

2018-02-15 11:29 PM
26
cve
cve

CVE-2016-8010

Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line...

7.8CVSS

7.3AI Score

0.0004EPSS

2017-03-14 10:59 PM
17
cve
cve

CVE-2015-8154

The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX...

8.8CVSS

8.7AI Score

0.01EPSS

2016-03-18 02:59 PM
27
cve
cve

CVE-2013-5010

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass...

6.2AI Score

0.0004EPSS

2014-01-10 04:47 PM
19