294 matches found
CVE-2018-6670 External Entity Attack vulnerability in McAfee Common UI (CUI)
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...
HPE Intelligent Management Center WmiConfigContent Expression Language Injection (CVE-2017-12526)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of request parameter on wmiConfigContent.xhtml...
WordPress Subscribe2 Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports personal blog sites on PHP and MySQL servers. Subscribe2 is a subscription and email notification management plugin for it. A cross-site scripting...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
Code injection
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection (CVE-2017-14078)
An SQL injection vulnerability exists in Trend Micro Mobile Security Enterprise. The vulnerability is due to insufficient validation of the id request parameter with get_dep_profile action...
PHP Scripts Mall Realestate Crowdfunding Script SQL Injection Vulnerability
PHP Scripts Mall Realestate Crowdfunding Script is a PHP based real estate crowdfunding website script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Realestate Crowdfunding Script version 2.7.2. A remote attacker can exploit the vulnerability by sending the...
Artica Web Proxy 3.06.112216 Remote Code Execution
Credits: John Page aka Hyp3rlinX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt. ISR: ApparitionSec. Vendor: www.articatech.com. Product: Artica Web Proxy v.3.06.112216...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to...
CVE-2017-12416
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to...
Cross-Site Scripting in PAN-OS
A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters. (Ref PAN-76003 / CVE-2017-12416) Successful exploitation of this issue may allow an...
CVE-2017-4053
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter...
Authentication flaw
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...
CVE-2017-4054
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter...
CVE-2017-5672
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 discloses the private key in clear text when the parameters of the request are changed...
CVE-2016-8025
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
CVE-2017-3899
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
Sql injection
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...