Vulmon
imperva vulnerabilities and exploits
6.5
CVSSv2
CVE-2013-4095
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
Imperva Securesphere 9.0.0.5
1 EDB exploit
7.2
CVSSv2
CVE-2018-5412
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
Imperva Securesphere 12.0.0.50
6.5
CVSSv2
CVE-2013-4094
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/setting...
Imperva Securesphere 9.0.0.5
1 EDB exploit
7.5
CVSSv2
CVE-2021-45468
Imperva Web Application Firewall (WAF) prior to 2021-12-23 allows remote unauthenticated malicious users to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
Imperva Web Application Firewall
7.5
CVSSv2
CVE-2011-5266
Imperva SecureSphere Web Application Firewall (WAF) prior to 12-august-2010 allows SQL injection filter bypass.
Imperva Securesphere Web Application Firewall
4.3
CVSSv2
CVE-2011-4887
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote malicious users to inject arbitrary web script or HTML via the username field.
Imperva Securesphere Web Application Firewall 9.0
NA
CVE-2023-50969
Thales Imperva SecureSphere WAF 14.7.0.40 allows remote malicious users to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468.
NA
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed grap...
Silverstripe Graphql
10
CVSSv2
CVE-2006-0265
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component...
Oracle Database Server 10.1.0.5
Oracle Database Server 9.2.0.7
Oracle Database Server 10.2.0.1
Oracle Database Server 8.1.7.4
Oracle Database Server 9.0.1.5
7.5
CVSSv2
CVE-2004-0204
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows ...
Bea Weblogic Server 8.1
Businessobjects Crystal Reports 10
Businessobjects Crystal Reports 9
Businessobjects Crystal Enterprise Java Sdk 8.5
Businessobjects Crystal Enterprise Ras 8.5
Borland Software J Builder
Microsoft Business Solutions Crm 1.2
Microsoft Outlook 2003
Businessobjects Crystal Enterprise 10
Businessobjects Crystal Enterprise 9
Microsoft Visual Studio .net 2003
1 EDB exploit