Vulmon
leandro barragan vulnerabilities and exploits
NA
CVE-2017-140973
Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.
4.3
CVSSv2
CVE-2018-11133
The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting.
Quest Kace System Management Appliance 8.0.318
6
CVSSv2
CVE-2018-11135
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.
Quest Kace System Management Appliance 8.0.318
4
CVSSv2
CVE-2018-11137
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed...
Quest Kace System Management Appliance 8.0.318
7.5
CVSSv2
CVE-2018-11141
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be ...
Quest Kace System Management Appliance 8.0.318
2.1
CVSSv2
CVE-2018-11142
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_...
Quest Kace System Management Appliance 8.0.318
NA
CVE-2018-62303
Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
9
CVSSv2
CVE-2018-11132
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within thi...
Quest Kace System Management Appliance 8.0.318
9
CVSSv2
CVE-2018-11134
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's passwo...
Quest Kace System Management Appliance 8.0.318
7.5
CVSSv2
CVE-2018-11136
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).
Quest Kace System Management Appliance 8.0.318