Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ens vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-19513
In Webgalamb up to and including 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection erro...
Ens Webgalamb
7.5
CVSSv2
CVE-2018-19515
In Webgalamb up to and including 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.
Ens Webgalamb
4.3
CVSSv2
CVE-2018-19509
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to X...
Ens Webgalamb 7.0
4.3
CVSSv2
CVE-2018-19511
wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
Ens Webgalamb 7.0
7.5
CVSSv2
CVE-2018-19514
In Webgalamb up to and including 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload tha...
Ens Webgalamb
9
CVSSv2
CVE-2018-19512
In Webgalamb up to and including 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory.
Ens Webgalamb
6.1
CVSSv2
CVE-2019-3582
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and previous versions allows local users to gain elevated privileges via a specific set of circumstances.
Mcafee Endpoint Security
4.6
CVSSv2
CVE-2016-8010
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and previous versions and Endpoint Security (ENS) 10.2 and previous versions allows local users to bypass local security protection via a command-line utility.
Mcafee Application Control
Mcafee Endpoint Security
4.3
CVSSv2
CVE-2016-8011
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control prior to 10.2.0.408.10 allows malicious users to inject arbitrary web script or HTML via a crafted web site.
Intel Security Mcafee Endpoint Security Web Control
3.6
CVSSv2
CVE-2016-3984
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) prior to 1.1.0.161, Agent (MA) 5.x prior to 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) prior to 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Pat...
Mcafee Active Response
Mcafee Data Loss Prevention Endpoint
Mcafee Data Exchange Layer
Mcafee Host Intrusion Prevention
Mcafee Virusscan Enterprise
Mcafee Agent
Mcafee Endpoint Security
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5