Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ens vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-19510
subscriber.php in Webgalamb up to and including 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
Ens Webgalamb
7.5
CVSSv3
CVE-2018-19513
In Webgalamb up to and including 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection erro...
Ens Webgalamb
9.8
CVSSv3
CVE-2018-19515
In Webgalamb up to and including 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.
Ens Webgalamb
9.8
CVSSv3
CVE-2018-19514
In Webgalamb up to and including 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload tha...
Ens Webgalamb
7.2
CVSSv3
CVE-2018-19512
In Webgalamb up to and including 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory.
Ens Webgalamb
6.1
CVSSv3
CVE-2018-19509
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to X...
Ens Webgalamb 7.0
6.5
CVSSv3
CVE-2018-19511
wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
Ens Webgalamb 7.0
4.4
CVSSv3
CVE-2020-7255
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows before 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS clie...
Mcafee Endpoint Security 10.5.0
Mcafee Endpoint Security 10.5.1
Mcafee Endpoint Security 10.5.2
Mcafee Endpoint Security 10.5.3
Mcafee Endpoint Security 10.5.4
Mcafee Endpoint Security 10.5.5
Mcafee Endpoint Security 10.6.0
4.4
CVSSv3
CVE-2021-23882
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows before 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable...
Mcafee Endpoint Security
7.5
CVSSv3
CVE-2019-3586
Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x before 10.6.1 May 2019 update allows context-dependent malicious users to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicio...
Mcafee Endpoint Security
Mcafee Endpoint Security 10.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »