11 matches found
EUVD-2019-13230
Malware in sbrugna...
Input validation
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...
CVE-2019-3595
Improper Neutralization of Special Elements used in a Command 'Command Injection' in ePO extension in McAfee Data Loss Prevention DLP 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...
Command injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' in ePO extension in McAfee Data Loss Prevention DLP 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...
CVE-2019-3595 DLP Endpoint ePO extension not sanitizing CSV exports
Improper Neutralization of Special Elements used in a Command 'Command Injection' in ePO extension in McAfee Data Loss Prevention DLP 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...
CVE-2018-6683
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention DLP for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline...
Trend Micro Threat Discovery Appliance Arbitrary Code Execution Vulnerability (CNVD-2017-06837)
The Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security...
CVE-2016-8587
dlppolicyupload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /engptnstores/prod/sensorSDK/data/ or /engptnstores/prod/sensorSDK/backuppol/...
CVE-2015-2747
Multiple cross-site scripting XSS vulnerabilities in the data loss prevention DLP incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted 1 email or 2 HTTP request, which triggers a DLP Policy...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the data loss prevention DLP incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted 1 email or 2 HTTP request, which triggers a DLP Policy...
CVE-2015-2747
Multiple cross-site scripting XSS vulnerabilities in the data loss prevention DLP incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted 1 email or 2 HTTP request, which triggers a DLP Policy...