9 matches found
CVE-2022-28810
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...
Cross site scripting
A Cross-site Scripting XSS vulnerability exists in WatchGuard XTM 11.8.3 via the pollname parameter in the firewall/policy script...
CVE-2014-6413
A Cross-site Scripting XSS vulnerability exists in WatchGuard XTM 11.8.3 via the pollname parameter in the firewall/policy script...
keycloak: script execution via UMA policy trigger
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...
CVE-2018-6229
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system...
CVE-2018-6228
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system...
CVE-2018-6229
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system...
Trend Micro Email Encryption Gateway SQL Injection Vulnerability (CNVD-2018-04493)
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway TMEEG is one of the gateway products that provides data protection. An SQL injection vulnerability exists in the edit policy script in Trend Micro...
Trend Micro Email Encryption Gateway Cross-Site Scripting Vulnerability (CNVD-2018-04491)
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway TMEEG is one of the gateway products that provides data protection. A cross-site scripting vulnerability exists in the policy script in Trend Micro...