Vulmon
imperva vulnerabilities and exploits
7.5
CVSSv2
CVE-2013-4091
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote malicious users to obtain access by ...
Imperva Securesphere 9.0.0.5
1 EDB exploit
6.5
CVSSv2
CVE-2013-4094
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/setting...
Imperva Securesphere 9.0.0.5
1 EDB exploit
6.5
CVSSv2
CVE-2013-4095
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
Imperva Securesphere 9.0.0.5
1 EDB exploit
7.5
CVSSv2
CVE-2021-45468
Imperva Web Application Firewall (WAF) prior to 2021-12-23 allows remote unauthenticated malicious users to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
Imperva Web Application Firewall
7.5
CVSSv2
CVE-2011-5266
Imperva SecureSphere Web Application Firewall (WAF) prior to 12-august-2010 allows SQL injection filter bypass.
Imperva Securesphere Web Application Firewall
4.3
CVSSv2
CVE-2011-4887
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote malicious users to inject arbitrary web script or HTML via the username field.
Imperva Securesphere Web Application Firewall 9.0
NA
CVE-2023-50969
Thales Imperva SecureSphere WAF 14.7.0.40 allows remote malicious users to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468.
NA
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed grap...
Silverstripe Graphql
10
CVSSv2
CVE-2006-0265
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component...
Oracle Database Server 10.1.0.5
Oracle Database Server 9.2.0.7
Oracle Database Server 10.2.0.1
Oracle Database Server 8.1.7.4
Oracle Database Server 9.0.1.5
7.5
CVSSv2
CVE-2004-0204
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows ...
Bea Weblogic Server 8.1
Businessobjects Crystal Reports 10
Businessobjects Crystal Reports 9
Businessobjects Crystal Enterprise Java Sdk 8.5
Businessobjects Crystal Enterprise Ras 8.5
Borland Software J Builder
Microsoft Business Solutions Crm 1.2
Microsoft Outlook 2003
Businessobjects Crystal Enterprise 10
Businessobjects Crystal Enterprise 9
Microsoft Visual Studio .net 2003
1 EDB exploit