67 matches found
Mcafee Database Security Server 代码问题漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
CVE-2020-26155
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in...
Mcafee Database Security Server 和 Sensor 加密问题漏洞
Mcafee Database Security Server and Mcafee Database Security sensor are both products of Mcafee Corporation, China.Mcafee Database Security Server is a database security software. Mcafee Database Security Server is a database security software that provides users with an overall view of the...
CVE-2019-8341
An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...
Attachmate Host Access Management and Security Server PassThru Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Attachmate Host Access Management and Security Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PassThru resource. The issue results...
Directory traversal
Administrative Server in Micro Focus Host Access Management and Security Server MSS and Reflection for the Web RWeb and Reflection Security Gateway RSG and Reflection ZFE ZFE allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory...
CVE-2016-5765
The CVE-2016-5765 entry describes a remote, unauthenticated directory-traversal information-disclosure in Micro Focus MSS and related products (RWeb, RSG, ZFE, and older components). Affected: MSS 12.3 before 12.3.326, MSS 12.2 before 12.2.342; RSG 12.1 before 12.1.362; RWeb 12.3 before 12.3.312,...
Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced Elevation of Privilege Vulnerabilities
Symantec Embedded Security:Critical System Protection SES:CSP and Symantec Data Center Security: Server Advanced SDCS:SA are both security products from Symantec Corporation. SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security for physical...
The vulnerability of Oracle WebLogic Server application servers allows attackers to execute arbitrary code.
The vulnerability of the WLS Security server component of Oracle WebLogic Server is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted Java objects transmitted over the TCP protocol,...
Symantec Data Center Security Server SQLi (SYM15-001)
The remote Symantec Data Center Security Server running on the remote host is affected by a SQL injection vulnerability in the '/sis-ui/authenticate' script on the web console interface. A remote attacker, using a crafted HTTP request, can exploit this to execute SQL queries, allowing the...
Symantec Data Center Security Server 'WCUnsupportedClass.jsp' XSS
The remote Symantec Data Center Security Server running on the remote host is affected by a reflected cross-site scripting vulnerability due to improper validation of input to the 'classname' parameter in the 'WCUnsupportedClass.jsp' script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Symantec Data Center Security - Multiple Vulnerabilities
Symantec Data Center Security: Server Advanced SDCS:SA and Symantec Critical System Protection SCSP suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities. ======================================================================= title:...
Check Point Software Firewall-1 4.0/1.4.1 Resource Exhaustion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1416/info The Check Point Firewall-1 SMTP Security Server in Firewall-1 4.0 and 4.1 on Windows NT is vulnerable to a simple network-based attack which can increase the firewall's CPU utilization to 100%. Sending a stream ...
Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability
No description provided by source. DeltasecurityTEAM WwW.Deltasecurity.iR Portal Name = Bubla = 1.0.0rc2 Class = Remote File Inclusion Risk = High Remote File Execution Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-1.0.0rc1.tar.gz Discoverd By = DeltahackingTEAM User...
Bubla <= 0.9.2 (bu_dir) Multiple Remote File Include Vulnerabilities
No description provided by source. DeltasecurityTEAM WwW.Deltasecurity.iR Portal Name = Bubla 0.9.1 Class = Remote File Inclusion Risk = High Remote File Execution Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-0.9.1.tar.gz Discoverd By = DeltahackingTEAM User In Delt...
VMware View Server Directory Traversal Vulnerability (VMSA-2012-0017)
The version of VMware View Server installed on the remote host is potentially affected by a directory traversal vulnerability in the Connection Server and View Security Server. This may allow a remote attacker to read arbitrary files from the system. C Tenable Network Security, Inc...
VMware View critical directory traversal vulnerability
DDI Vulnerability Research Team VRT for reported a critical vulnerability in VMware View Server , that is a directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive...
VMware View critical directory traversal vulnerability
DDI Vulnerability Research Team VRT for reported a critical vulnerability in VMware View Server , that is a directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive...
VMware Patches Directory Traversal Vulnerability in View Server and Security Server
Virtualization vendor VMware has patched a critical vulnerability in its VMware View desktop virtualization product that could have led to a directory traversal attack and an attacker reading or downloading files without the need for authentication. VMware View 5.x prior to 5.1.2 and 4.x prior to...
CVE-2012-5978
Multiple directory traversal vulnerabilities in the 1 View Connection Server and 2 View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors...