98 matches found
CVE-2013-4093
The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via 1 a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...
CVE-2013-4095
Imperva SecureSphere SOM Management Server (v9.0.0.5) is affected by CVE-2013-4095. Remote authenticated users can execute arbitrary commands via a task payload using a [command].value field together with an [arguments].value field. The description is consistent across multiple sources (NVD/Red H...
CVE-2013-4094
CVE-2013-4094 concerns Imperva SecureSphere 9.0.0.5, where the Key Management feature in the SOM Management Server allows remote authenticated users to upload executable files via the private_key or public_key parameters in a T/keyManagement request to plain/settings.html, demonstrated by Linux E...
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command...
Imperva SecureSphere Operations Manager Command Execution Vulnerability
Imperva SecureSphere Operations Manager version 9.0.0.5 Enterprise Edition suffers from path disclosure, command execution, and arbitrary file upload vulnerabilities. Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issues Risk: High Date: 27.May.201...
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issues Risk: High Date: 27.May.2013...
Imperva SecureSphere Operations Manager Command Execution
Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issues Risk: High Date: 27.May.2013...
Imperva SecureSphere Operations Manager multiple security vulnerabilities
Multiple web interface vulnerabilities...
CVE-2011-0767
Cross-site scripting XSS vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759...
CVE-2011-0767
Cross-site scripting XSS vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759...
CVE-2011-0767
The CVE-2011-0767 vulnerability affects Imperva SecureSphere Web Application Firewall, specifically the management GUI in MX Management Server across versions 6.2, 7.x, and 8.x. Root cause: improper validation/sanitization of user-controlled input stored and later returned to the administrator in...
Imperva SecureSphere - SQL Query Filter Security Bypass
source: https://www.securityfocus.com/bid/47780/info Imperva SecureSphere is prone to a security-bypass vulnerability. An attacker can leverage this vulnerability to bypass certain security restrictions. Successful exploits may allow attackers to exploit SQL-injection vulnerabilities. 15 and...
Imperva SecureSphere Web Application Firewall protection bypass
No description provided...
CVE-2010-1329
Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation...
CVE-2008-1463
Cross-site scripting XSS vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "correctiv...
CVE-2008-1463
CVE-2008-1463 describes a cross-site scripting (XSS) vulnerability in the management GUI of Imperva SecureSphere MX Management Server 5.0. The issue arises when processing an invalid or prohibited request to a web server protected by SecureSphere, allowing an attacker to inject arbitrary web scri...
Imperva SecureSphere 5.0 - Cross-Site Scripting
Imperva SecureSphere 5.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/28279/info Imperva SecureSphere is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...
Imperva SecureSphere 5.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/28279/info Imperva SecureSphere is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...