Page 2 of 15 results (0.003 seconds)

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. Los scripts Python CGI en PWS en Imperva SecureSphere 13.0.10, 13.1.10 y 13.2.10 permiten que los atacantes remotos ejecuten comandos arbitrarios del sistema operativo debido a que los argumentos de la línea de comandos se gestionan de manera incorrecta. • https://www.exploit-db.com/exploits/45542 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. Vulnerabilidad de XSS en la tabla de violaciones en la GUI de gestión en el servidor MX Management en Imperva SecureSphere Web Application Firewall (WAF) 9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo del nombre del usuario. • http://osvdb.org/79338 http://secunia.com/advisories/48086 http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887 http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002 http://www.securityfocus.com/bid/52064 https://exchange.xforce.ibmcloud.com/vulnerabilities/73264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script. La funcionalidad Key Management en SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5 permite a usuarios autenticados remotamente cargar archivos ejecutables a través de (1) private_key o (2) el parámetro public_key en una solicitud de T/keyManagement a plain/settings.html, como se ha demostrado mediante la subida de un archivo ELF Linux y una secuencia de comandos de shell. • https://www.exploit-db.com/exploits/25977 http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5 no tiene un atributo de autocompletar para el campo de la contraseña (aka j_password)en la página de inicio de sesión secsphLogin.jsp, lo que hace que sea más fácil para los atacantes remotos obtener acceso mediante el aprovechamiento una estación de trabajo sin supervisión. • https://www.exploit-db.com/exploits/25977 http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history. SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5, permite a atacantes locales o remotos obtener información sensible mediante el aprovechamiento de la presencia de (1) un identificador de sesión en el campo de jsessionid (2) credenciales en el parámetro j_password a j_acegi_security_check secsphLogin.jsp o, y mediante la lectura de (a) los registros de acceso del servidor web, (b) la registros de Referer, o (c) el historial del navegador. • https://www.exploit-db.com/exploits/25977 http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt • CWE-255: Credentials Management Errors •