The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged...
9.8CVSS
9.5AI Score
0.008EPSS
Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params...
5.9AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.7AI Score
0.003EPSS
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email...
6.2AI Score
0.593EPSS
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary...
6.6AI Score
0.0004EPSS
Local users can perform a denial of service in Tripwire 1.2 and earlier using long...
7AI Score
0.0004EPSS