CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2013-4093 – Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4093
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message. SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5, permite a atacantes remotos obtener información sensible a través de (1) una solicitud directa a dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, lo que revela la ruta de instalación en el campo s0.filePath, o (2) una petición T/keyManagement a plain/settings.html, lo que revela una ruta temporal en un mensaje de error. • https://www.exploit-db.com/exploits/25977 http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-4095 – Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4095
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field. plain/actionsets.html en el SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5 permite a usuarios autenticados remotamente ejecutar comandos a través de una tarea con un campo [command].value en conjunción con un campo [arguments].value[arguments].value • https://www.exploit-db.com/exploits/25977 http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2011-0767
https://notcve.org/view.php?id=CVE-2011-0767
Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el GUI de control de MX Management Server en Imperva SecureSphere Web Application Firewall v6.2, 7.x, y 8.x , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una petición HTTP a un servidor filtrado, cambien conocido como Bug ID 31759. • http://secunia.com/advisories/44772 http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html http://www.kb.cert.org/vuls/id/567774 http://www.secureworks.com/research/advisories/SWRX-2011-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/67779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2010-1329
https://notcve.org/view.php?id=CVE-2010-1329
Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. Imperva SecureSphere Web Application Firewall y Database Firewall v5.0.0.5082 a la v7.0.0.7078, permite a atacantes remotos evitar la funcionalidad de prevención frente a intrusiones mediante un petición que tiene añadida una cadena larga manipulada de un modo no especificada. • http://www.clearskies.net/documents/css-advisory-css1001-imperva.php http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html http://www.securityfocus.com/archive/1/510709/100/0/threaded http://www.securityfocus.com/bid/39472 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2CVE-2008-1463 – Imperva SecureSphere 5.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1463
Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el GUI de administración de Imperva SecureSphere MX Management Server 5.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una petición no válida o prohibida a un servidor web protegido por SecureSphere, lo que dispara una inyección en la sección de "corrective action" en una página de alerta. • https://www.exploit-db.com/exploits/31413 http://imperva.com/go/secadv/20080318 http://secunia.com/advisories/29439 http://www.securityfocus.com/bid/28279 https://exchange.xforce.ibmcloud.com/vulnerabilities/41359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •