Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
imperva vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2018-5412
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
Imperva Securesphere 12.0.0.50
755
VMScore
CVE-2013-4091
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote malicious users to obtain access by ...
Imperva Securesphere 9.0.0.5
1 EDB exploit
655
VMScore
CVE-2013-4095
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
Imperva Securesphere 9.0.0.5
1 EDB exploit
668
VMScore
CVE-2021-45468
Imperva Web Application Firewall (WAF) prior to 2021-12-23 allows remote unauthenticated malicious users to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
Imperva Web Application Firewall
668
VMScore
CVE-2011-5266
Imperva SecureSphere Web Application Firewall (WAF) prior to 12-august-2010 allows SQL injection filter bypass.
Imperva Securesphere Web Application Firewall
383
VMScore
CVE-2011-4887
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote malicious users to inject arbitrary web script or HTML via the username field.
Imperva Securesphere Web Application Firewall 9.0
NA
CVE-2023-50969
Thales Imperva SecureSphere WAF 14.7.0.40 allows remote malicious users to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468.
NA
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed grap...
Silverstripe Graphql
890
VMScore
CVE-2006-0265
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component...
Oracle Database Server 10.1.0.5
Oracle Database Server 9.2.0.7
Oracle Database Server 10.2.0.1
Oracle Database Server 8.1.7.4
Oracle Database Server 9.0.1.5
755
VMScore
CVE-2004-0204
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows ...
Bea Weblogic Server 8.1
Businessobjects Crystal Reports 10
Businessobjects Crystal Reports 9
Businessobjects Crystal Enterprise Java Sdk 8.5
Businessobjects Crystal Enterprise Ras 8.5
Borland Software J Builder
Microsoft Business Solutions Crm 1.2
Microsoft Outlook 2003
Businessobjects Crystal Enterprise 10
Businessobjects Crystal Enterprise 9
Microsoft Visual Studio .net 2003
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2