98 matches found
CVE-2011-4887
Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
Cross site scripting
Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2011-4887
Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
No description provided by source. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date:...
Imperva SecureSphere 5.0 - Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28279/info Imperva SecureSphere is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
No description provided by source. Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issu...
Imperva SecureSphere Web Application Firewall MX Blind SQL Injection
Imperva SecureSphere WAF MX version 9.5.6 suffers from a remote blind SQL injection vulnerability. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on...
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
The management console of Imperva WAF allows an authenticated user having the only privilege to view lookup dataset, to perform a privilege escalation, and extract through a blind sql injection, the MD5 hash of Administrator's account on the console. Blind SQL Injection to Imperva SecureSphere We...
Imperva SecureSphere WAF MX 9.5.6 SQL Injection
Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date: 09/04/2013 Release date: 09/10/2013...
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date: 09/04/2013 Release date: 09/10/2013...
CVE-2013-4095
plain/actionsets.html in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a command.value field in conjunction with an arguments.value field...
CVE-2013-4094
The Key Management feature in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the 1 privatekey or 2 publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...
CVE-2013-4092
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of 1 a session ID in the jsessionid field to secsphLogin.jsp or 2 credentials in the jpassword parameter to...
CVE-2013-4091
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password aka jpassword field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended...
Design/Logic Flaw
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of 1 a session ID in the jsessionid field to secsphLogin.jsp or 2 credentials in the jpassword parameter to...
Design/Logic Flaw
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password aka jpassword field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended...
Design/Logic Flaw
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via 1 a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...
CVE-2013-4092
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of 1 a session ID in the jsessionid field to secsphLogin.jsp or 2 credentials in the jpassword parameter to...
CVE-2013-4094
The Key Management feature in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the 1 privatekey or 2 publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...
CVE-2013-4093
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via 1 a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...