Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
leandro barragan vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-11139
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsani...
Quest Kace System Management Appliance 8.0.318
NA
CVE-2018-111413
Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
9.8
CVSSv3
CVE-2018-11140
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).
Quest Kace System Management Appliance 8.0.318
NA
CVE-2017-98123
Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
9.8
CVSSv3
CVE-2017-14094
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an malicious user to perform remote command execution via a cron job injection on a vulnerable system.
Trendmicro Smart Protection Server
1 EDB exploit
8.1
CVSSv3
CVE-2017-14095
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an malicious user to perform remote command execution via a local file inclusion on a vulnerable system.
Trendmicro Smart Protection Server
1 EDB exploit
6.1
CVSSv3
CVE-2017-14096
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an malicious user to execute a malicious payload on vulnerable systems.
Trendmicro Smart Protection Server
1 EDB exploit
9.8
CVSSv3
CVE-2017-14097
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an malicious user to decrypt contents of a database with information that could be used to access a vulnerable system.
Trendmicro Smart Protection Server
1 EDB exploit
8.8
CVSSv3
CVE-2017-11398
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated malicious user to hijack active user sessions to perform authenticated requests on a vulnerable system.
Trendmicro Smart Protection Server
1 EDB exploit
9.8
CVSSv3
CVE-2018-11138
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
Quest Kace System Management Appliance 8.0.318
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »