Lucene search
K

98 matches found

NVD
NVD
added 2014/09/11 2:16 p.m.14 views

CVE-2011-4887

Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...

4.3CVSS5.7AI score0.01284EPSS
Exploits0References6
Prion
Prion
added 2014/09/11 2:16 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...

4.3CVSS6.1AI score0.01284EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2014/09/11 2:0 p.m.24 views

CVE-2011-4887

Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...

5.7AI score0.01284EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection

No description provided by source. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Imperva SecureSphere 5.0 - Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28279/info Imperva SecureSphere is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.45 views

Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities

No description provided by source. Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issu...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/10/11 12:0 a.m.23 views

Imperva SecureSphere Web Application Firewall MX Blind SQL Injection

Imperva SecureSphere WAF MX version 9.5.6 suffers from a remote blind SQL injection vulnerability. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on...

8.1AI score
Exploits0
0day.today
0day.today
added 2013/10/10 12:0 a.m.25 views

Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection

The management console of Imperva WAF allows an authenticated user having the only privilege to view lookup dataset, to perform a privilege escalation, and extract through a blind sql injection, the MD5 hash of Administrator's account on the console. Blind SQL Injection to Imperva SecureSphere We...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2013/10/10 12:0 a.m.28 views

Imperva SecureSphere WAF MX 9.5.6 SQL Injection

Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date: 09/04/2013 Release date: 09/10/2013...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2013/10/10 12:0 a.m.17 views

Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection

Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date: 09/04/2013 Release date: 09/10/2013...

7.4AI score
Exploits0
NVD
NVD
added 2013/06/28 11:55 p.m.18 views

CVE-2013-4095

plain/actionsets.html in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a command.value field in conjunction with an arguments.value field...

6.5CVSS7.1AI score0.05885EPSS
Exploits0References2
NVD
NVD
added 2013/06/28 11:55 p.m.27 views

CVE-2013-4094

The Key Management feature in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the 1 privatekey or 2 publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...

6.5CVSS6.3AI score0.05629EPSS
Exploits0References2
NVD
NVD
added 2013/06/28 11:55 p.m.20 views

CVE-2013-4092

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of 1 a session ID in the jsessionid field to secsphLogin.jsp or 2 credentials in the jpassword parameter to...

5CVSS6.1AI score0.04865EPSS
Exploits0References2
NVD
NVD
added 2013/06/28 11:55 p.m.15 views

CVE-2013-4091

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password aka jpassword field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended...

7.5CVSS6.7AI score0.05594EPSS
Exploits0References2
Prion
Prion
added 2013/06/28 11:55 p.m.15 views

Design/Logic Flaw

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of 1 a session ID in the jsessionid field to secsphLogin.jsp or 2 credentials in the jpassword parameter to...

5CVSS6.6AI score0.04865EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2013/06/28 11:55 p.m.14 views

Design/Logic Flaw

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password aka jpassword field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended...

7.5CVSS7.3AI score0.05594EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2013/06/28 11:55 p.m.13 views

Design/Logic Flaw

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via 1 a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...

5CVSS6.7AI score0.06883EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/06/28 11:0 p.m.29 views

CVE-2013-4092

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of 1 a session ID in the jsessionid field to secsphLogin.jsp or 2 credentials in the jpassword parameter to...

6.1AI score0.04865EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/06/28 11:0 p.m.30 views

CVE-2013-4094

The Key Management feature in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the 1 privatekey or 2 publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...

6.3AI score0.05629EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/06/28 11:0 p.m.24 views

CVE-2013-4093

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via 1 a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...

6.2AI score0.06883EPSS
Exploits0References2
Rows per page
Query Builder