Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog...
7.6AI Score
0.004EPSS
6.5CVSS
6.5AI Score
0.001EPSS
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field...
7.5CVSS
7.5AI Score
0.001EPSS
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share...
7.2CVSS
7AI Score
0.002EPSS
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser...
7.2CVSS
7.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add"...
5.4CVSS
5.1AI Score
0.001EPSS