| id | date | type | cve | source | author | platform | description |
|---|---|---|---|---|---|---|---|
| 40465 | 2016-10-05T00:00:00+00:00 | local | CVE-2016-6434 | ExploitDB | KoreLogic | linux | Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials |
| 34115 | 2010-06-07T00:00:00+00:00 | remote | ExploitDB | Adam Baldwin | windows | McAfee Unified Threat Management Firewall 4.0.6 - 'page' Cross-Site Scripting | |
| 47527 | 2019-10-21T00:00:00+00:00 | local | CVE-2019-9491 | ExploitDB | hyp3rlinx | windows | Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution |
| 40463 | 2016-10-05T00:00:00+00:00 | webapps | CVE-2016-6433 | ExploitDB | KoreLogic | cgi | Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution |
| 43920 | 2018-01-28T00:00:00+00:00 | remote | ExploitDB | mr_me | linux | Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution | |
| 40464 | 2016-10-05T00:00:00+00:00 | webapps | CVE-2016-6435 | ExploitDB | KoreLogic | cgi | Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion |
| 33078 | 2009-06-13T00:00:00+00:00 | remote | ExploitDB | anonymous | multiple | HP ProCurve Threat Management Services - zl ST.1.0.090213 Module CRL Security Bypass | |
| 36586 | 2012-01-20T00:00:00+00:00 | webapps | ExploitDB | Alexander Fuchs | php | Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities | |
| 40414 | 2016-09-22T00:00:00+00:00 | webapps | CVE-2014-8142;CVE-2014-3515;CVE-2015-0231;CVE-2015-6834;CVE-2016-5771;CVE-2016-5773 | ExploitDB | SEC Consult | php | Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities |
| 2016-0919 | CVE-2016-0919 | CVE | EMC RSA Web Threat Detection version 5.0; RSA Web Threat Detection version 5.1; RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | ||||
| 2016-7547 | CVE-2016-7547 | CVE | A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | ||||
| 2016-3983 | CVE-2016-3983 | CVE | McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | ||||
| 2016-8584 | CVE-2016-8584 | CVE | Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values; which allows remote attackers to bypass authentication by guessing the value. | ||||
| 2018-25012 | CVE-2018-25012 | CVE | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||||
| 2018-25009 | CVE-2018-25009 | CVE | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||||
| 2019-12440 | CVE-2019-12440 | CVE | The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service. | ||||
| 2015-0541 | CVE-2015-0541 | CVE | Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| 2018-25013 | CVE-2018-25013 | CVE | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||||
| 2015-8990 | CVE-2015-8990 | CVE | Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | ||||
| 2015-3030 | CVE-2015-3030 | CVE | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | ||||
| 2018-25010 | CVE-2018-25010 | CVE | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||||
| 2014-4627 | CVE-2014-4627 | CVE | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| 2015-4547 | CVE-2015-4547 | CVE | EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file; which allows remote authenticated users to obtain sensitive information by reading this file. | ||||
| 2016-8589 | CVE-2016-8589 | CVE | log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| 2016-8591 | CVE-2016-8591 | CVE | log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| 2017-4053 | CVE-2017-4053 | CVE | Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10; 3.8; 3.6; 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | ||||
| 2019-3650 | CVE-2019-3650 | CVE | Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. | ||||
| 2019-3662 | CVE-2019-3662 | CVE | Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | ||||
| 2007-5439 | CVE-2007-5439 | CVE | CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names; which allows remote attackers to obtain this information via unspecified vectors. | ||||
| 2015-3029 | CVE-2015-3029 | CVE | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access; which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| 2017-4057 | CVE-2017-4057 | CVE | Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10; 3.8; 3.6; 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. | ||||
| 2018-25011 | CVE-2018-25011 | CVE | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| 2019-18380 | CVE-2019-18380 | CVE | Symantec Industrial Control System Protection (ICSP); versions 6.x.x; may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. | ||||
| 2016-8588 | CVE-2016-8588 | CVE | The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | ||||
| 2016-8590 | CVE-2016-8590 | CVE | log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| 2007-5437 | CVE-2007-5437 | CVE | The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. | ||||
| 2009-1422 | CVE-2009-1422 | CVE | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors; aka PR_41209. | ||||
| 2015-4548 | CVE-2015-4548 | CVE | EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file. | ||||
| 2016-6433 | CVE-2016-6433 | CVE | The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters; aka Bug ID CSCva30872. | ||||
| 2016-8585 | CVE-2016-8585 | CVE | admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | ||||
| 2016-8592 | CVE-2016-8592 | CVE | log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| 2017-4054 | CVE-2017-4054 | CVE | Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10; 3.8; 3.6; 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. | ||||
| 2019-3651 | CVE-2019-3651 | CVE | Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials; which were too permissive. | ||||
| 2015-7238 | CVE-2015-7238 | CVE | The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs; which allows local users to obtain sensitive information by reading the files. | ||||
| 2016-8586 | CVE-2016-8586 | CVE | detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| 2016-8593 | CVE-2016-8593 | CVE | Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter. | ||||
| 2016-7552 | CVE-2016-7552 | CVE | On the Trend Micro Threat Discovery Appliance 2.6.1062r1; directory traversal when processing a session_id cookie allows a remote; unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. | ||||
| 2017-4055 | CVE-2017-4055 | CVE | Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10; 3.8; 3.6; 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. | ||||
| 2018-19391 | CVE-2018-19391 | CVE | Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS; which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | ||||
| 2018-25014 | CVE-2018-25014 | CVE | A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| 2019-16069 | CVE-2019-16069 | CVE | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol. | ||||
| 2019-9491 | CVE-2019-9491 | CVE | Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory; potentially leading to arbitrary remote code execution (RCE) when executed. | ||||
| 2011-1889 | CVE-2011-1889 | CVE | The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests; aka "TMG Firewall Client Memory Corruption Vulnerability." | ||||
| 2015-3028 | CVE-2015-3028 | CVE | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | ||||
| 2016-8587 | CVE-2016-8587 | CVE | dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | ||||
| 2017-3899 | CVE-2017-3899 | CVE | SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | ||||
| 2019-16070 | CVE-2019-16070 | CVE | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs. | ||||
| 2019-18374 | CVE-2019-18374 | CVE | Symantec Critical System Protection (CSP); versions 8.0; 8.0 HF1 & 8.0 MP1; may be susceptible to an authentication bypass vulnerability; which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. | ||||
| 2019-3641 | CVE-2019-3641 | CVE | Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. | ||||
| 2019-3660 | CVE-2019-3660 | CVE | Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | ||||
| 2018-14829 | CVE-2018-14829 | CVE | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818; causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition; which may allow the threat actor to remotely execute arbitrary code. | ||||
| exploit/windows/brightstor/etrust_itm_alert | exploit | CVE-2007-4620 | Metasploit | ['MC <mc@metasploit.com>'] | ['Windows'] | This module exploits a buffer overflow in Computer Associates Threat Manager for the Enterprise r8.1 By sending a specially crafted RPC request; an attacker could overflow the buffer and execute arbitrary code. In order to successfully exploit this vulnerability; you will need valid logon credentials to the target. | |
| 2007-2523 | CVE-2007-2523 | CVE | CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping; which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. | ||||
| 2009-1423 | CVE-2009-1423 | CVE | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors; aka PR_39898; a different vulnerability than CVE-2009-1424 and CVE-2009-1425. | ||||
| 2012-1821 | CVE-2012-1821 | CVE | The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage; or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. | ||||
| 2012-2312 | CVE-2012-2312 | CVE | An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation; A threat gets reused from the thread pool that still retains the security context from the process last used; which lets a local user obtain elevated privileges. | ||||
| 2015-8986 | CVE-2015-8986 | CVE | Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment; then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. | ||||
| 2017-18268 | CVE-2017-18268 | CVE | Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker; who has captured a pre-recorded SSL session inspected by SSLV; can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | ||||
| 2018-6695 | CVE-2018-6695 | CVE | SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0; 2.0.x; 2.1.x; 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment. | ||||
| 2019-15688 | CVE-2019-15688 | CVE | Kaspersky Anti-Virus; Kaspersky Internet Security; Kaspersky Total Security; Kaspersky Free Anti-Virus; Kaspersky Small Office Security; Kaspersky Security Cloud up to 2020; the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. | ||||
| 2019-20358 | CVE-2019-20358 | CVE | Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory; potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. | ||||
| 2018-10619 | CVE-2018-10619 | CVE | An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized; but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. | ||||
| 2018-13435 | CVE-2018-13435 | CVE | ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model; which excludes iOS devices on which a jailbreak has occurred. | ||||
| 2019-3585 | CVE-2019-3585 | CVE | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | ||||
| 2007-6406 | CVE-2007-6406 | CVE | Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields. | ||||
| 2009-1424 | CVE-2009-1424 | CVE | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors; aka PR_39412; a different vulnerability than CVE-2009-1423 and CVE-2009-1425. | ||||
| 2017-4052 | CVE-2017-4052 | CVE | Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10; 3.8; 3.6; 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings; or gain administrator functionality via a crafted HTTP request parameter. | ||||
| 2019-12774 | CVE-2019-12774 | CVE | A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects; for example; the Profile Description field in JSON data to the Profile Editor. | ||||
| 2016-1443 | CVE-2016-1443 | CVE | The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism; and consequently obtain sensitive interprocess information or modify interprocess data; via a crafted malware sample. | ||||
| 2019-1696 | CVE-2019-1696 | CVE | Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated; adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities; see the Details section of this advisory. | ||||
| 2019-1704 | CVE-2019-1704 | CVE | Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated; adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities; see the Details section of this advisory. | ||||
| 2019-1709 | CVE-2019-1709 | CVE | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated; local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | ||||
| 2019-3661 | CVE-2019-3661 | CVE | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | ||||
| 2007-2522 | CVE-2007-2522 | CVE | Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8; Threat Manager r8; Anti-Spyware for the Enterprise r8; and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | ||||
| 2019-3649 | CVE-2019-3649 | CVE | Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | ||||
| 2017-7938 | CVE-2017-7938 | CVE | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files. | ||||
| 2017-7894 | CVE-2017-7894 | CVE | WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file; because of a "User Mode Write AV near NULL" in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several user-defined commands. | ||||
| 2018-14821 | CVE-2018-14821 | CVE | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote; unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818; causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality. | ||||
| 2019-1010022 | CVE-2019-1010022 | CVE | ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." | ||||
| 2017-3822 | CVE-2017-3822 | CVE | A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated; remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0. | ||||
| 2010-2290 | CVE-2010-2290 | CVE | Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| 2017-9430 | CVE-2017-9430 | CVE | Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string. | ||||
| 2018-14827 | CVE-2018-14827 | CVE | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote; unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818; causing the software application to stop responding and crash. The user must restart the software to regain functionality. | ||||
| 2017-5623 | CVE-2017-5623 | CVE | An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked. | ||||
| 2019-1699 | CVE-2019-1699 | CVE | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated; local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | ||||
| 2006-3223 | CVE-2006-3223 | CVE | Format string vulnerability in CA Integrated Threat Management (ITM); eTrust Antivirus (eAV); and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field. | ||||
| 2009-1425 | CVE-2009-1425 | CVE | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd; aka PR_18770; a different vulnerability than CVE-2009-1423 and CVE-2009-1424. | ||||
| 2016-9092 | CVE-2016-9092 | CVE | The Symantec Content Analysis (CA) 1.3; 2.x prior to 2.2.1.1; and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | ||||
| 2017-3907 | CVE-2017-3907 | CVE | Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | ||||
| 2017-8387 | CVE-2017-8387 | CVE | STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ commands. |