Lucene search
K

152 matches found

packetstorm
packetstorm
added 2019/03/06 12:0 a.m.63 views

Imperva SecureSphere 13.x PWS Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Imperva SecureSphere PWS Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Imperva SecureSphere...

0.2AI score
Exploits0
cnvd
cnvd
added 2019/01/11 12:0 a.m.1 views

Imperva SecureSphere Native Arbitrary Code Execution Vulnerability

Imperva SecureSphere is a suite of high-performance, centralized data security protection and management products from US-based Imperva. The product provides unified auditing, reporting and logging of different SecureSphere products, visualization of security status and real-time monitoring of...

7.8CVSS7.1AI score0.00611EPSS
Exploits1References1
cnvd
cnvd
added 2019/01/11 12:0 a.m.3 views

Imperva SecureSphere Elevation of Privilege Vulnerability

Imperva SecureSphere is a suite of high-performance, centralized data security protection and management products from US-based Imperva. The product provides unified auditing, reporting and logging of different SecureSphere products, visualization of security status and real-time monitoring of...

8.8CVSS6.9AI score0.01255EPSS
Exploits1References1
prion
prion
added 2019/01/10 10:29 p.m.15 views

Code injection

Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode...

7.2CVSS7.7AI score0.00611EPSS
Exploits1References1Affected Software1
osv
osv
added 2019/01/10 10:29 p.m.4 views

CVE-2018-5413

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation...

8.8CVSS5.8AI score0.01255EPSS
Exploits1References1
prion
prion
added 2019/01/10 10:29 p.m.15 views

Authentication flaw

Imperva SecureSphere gateway GW running v13, for both pre-First Time Login or post-First Time Login FTL, if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...

6.8CVSS8.1AI score0.02413EPSS
Exploits1References1Affected Software1
osv
osv
added 2019/01/10 10:29 p.m.2 views

CVE-2018-5412

Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode...

7.8CVSS6AI score0.00611EPSS
Exploits1References1
prion
prion
added 2019/01/10 10:29 p.m.16 views

Privilege escalation

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation...

6.5CVSS8.4AI score0.01255EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2019/01/10 10:29 p.m.18 views

CVE-2018-5403

Imperva SecureSphere gateway GW running v13, for both pre-First Time Login or post-First Time Login FTL, if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...

8.1CVSS8.2AI score0.02413EPSS
Exploits1References1
nvd
nvd
added 2019/01/10 10:29 p.m.13 views

CVE-2018-5413

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation...

8.8CVSS8.6AI score0.01255EPSS
Exploits1References1
nvd
nvd
added 2019/01/10 10:29 p.m.23 views

CVE-2018-5412

Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode...

7.8CVSS7.7AI score0.00611EPSS
Exploits1References1
cvelist
cvelist
added 2019/01/10 10:0 p.m.18 views

CVE-2018-5412

Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode...

7.7AI score0.00611EPSS
Exploits1References1
cve
cve
added 2019/01/10 10:0 p.m.43 views

CVE-2018-5403

CVE-2018-5403 affects Imperva SecureSphere gateway (GW) running v13. The vulnerability allows remote code execution via specially crafted requests to the web access management interface, applicable for both pre-First Time Login and post-First Time Login (FTL) when an attacker knows the basic auth...

8.1CVSS8.1AI score0.02413EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2019/01/10 10:0 p.m.19 views

CVE-2018-5403

Imperva SecureSphere gateway GW running v13, for both pre-First Time Login or post-First Time Login FTL, if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...

8.2AI score0.02413EPSS
Exploits1References1
cvelist
cvelist
added 2019/01/10 10:0 p.m.23 views

CVE-2018-5413

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation...

8.6AI score0.01255EPSS
Exploits1References1
cve
cve
added 2019/01/10 10:0 p.m.39 views

CVE-2018-5413

CVE-2018-5413 affects Imperva SecureSphere versions 11.5, 12.0 and 13.0. A low-privilege user can add SSH keys to the administrator’s authorized_keys, enabling privilege escalation. The CNVD entry specifies the elevation of privilege vector and notes the exploitability; no patch/mitigation detail...

8.8CVSS8.4AI score0.01255EPSS
Exploits1References1Affected Software1
cve
cve
added 2019/01/10 10:0 p.m.46 views

CVE-2018-5412

CVE-2018-5412 : Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution (escaping sealed-mode). The connected records corroborate a local arbitrary code execution risk in Imperva SecureSphere 12.0.0.50. The CVE entry itself notes a local attack vector with high imp...

7.8CVSS7.6AI score0.00611EPSS
Exploits1References1Affected Software1
metasploit
metasploit
added 2019/01/08 6:18 a.m.33 views

Imperva SecureSphere PWS Command Injection

This module exploits a command injection vulnerability in Imperva SecureSphere 13.x. The vulnerability exists in the PWS service, where Python CGIs didn't properly sanitize user supplied command parameters and directly passes them to corresponding CLI utility, leading to command injection. Agent...

7.9AI score
Exploits0
osv
osv
added 2018/11/28 6:29 p.m.3 views

CVE-2018-19646

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled...

9.8CVSS6AI score0.0345EPSS
Exploits0References1
nvd
nvd
added 2018/11/28 6:29 p.m.23 views

CVE-2018-19646

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled...

10CVSS9.8AI score0.0345EPSS
Exploits0References1
Rows per page
Query Builder