31 matches found
EUVD-2018-11780
Malware in sbrugna...
EUVD-2017-17014
Malware in sbrugna...
CVE-2017-8050
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password...
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...
Tenable Appliance vulnerable to cross-site scripting
Overview Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#71255137: Tenable Appliance vulnerable to cross-site scripting
Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...
Tenable Appliance Cross-Site Scripting Vulnerability
Tenable Appliance is a browser management application from US-based Tenable Network Security that hosts a variety of Tenable applications, including Nessus. A cross-site scripting vulnerability exists in Tenable Appliance. A remote attacker can exploit this vulnerability by sending a specially...
CVE-2018-1142
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
CVE-2018-1142
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
CVE-2018-1142
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
[R1] Tenable Appliance 4.7.0 Fixes One Vulnerability
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
The vulnerability of the simpleupload.py script in the Tenable Appliance web interface allows a hacker to execute arbitrary commands.
The vulnerability of the simpleupload.py script in the Tenable Appliance web interface is related to the lack of data cleaning at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the tnsappliancesessionuser parameter...
Tenable Appliance Arbitrary Command Execution Vulnerability
Tenable Appliance is a browser management program developed by Tenable Network Security. An arbitrary command execution vulnerability exists in Tenable Appliance versions 3.5 through 4.4.0. A remote attacker can inject arbitrary commands by manipulating the tnsappliancesessionuser parameter...
Tenable Appliance Unauthorized Administrator Password Manipulation Vulnerability
The Tenable Appliance is a browser-managed application that hosts a variety of Tenable enterprise applications, including Nessus, SecurityCenter SC and Passive Vulnerability Scanner PVS. An unauthorized administrator password manipulation vulnerability exists in Tenable Appliance, which can be...
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...
CVE-2017-8050
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password...
CVE-2017-8050
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password...
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...
Command injection
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...
Design/Logic Flaw
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password...