Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Virtual Computing Lab Security Vulnerabilities - February

cve
cve

CVE-2018-11772

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

7.2CVSS

7.4AI Score

0.001EPSS

2019-07-29 07:15 PM
31
cve
cve

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementatio...

9.8CVSS

9.2AI Score

0.002EPSS

2019-07-29 07:15 PM
24
cve
cve

CVE-2018-11774

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security...

7.2CVSS

7.3AI Score

0.001EPSS

2019-07-29 07:15 PM
27