| Bug Title | CVE/Ref | Vendor/Software | Date | |
| Remote Agent Configuration Settings Information Disclosure | ZDI-CAN-4283 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| dlpCrawlerServerInvoker Deserialization of Untrusted Data | ZDI-CAN-4284 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listLogDatas SQL Injection | ZDI-CAN-4141 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listEndPointDocScanResultLIs SQL Injection | ZDI-CAN-4142 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listReportDatas SQL Injection | ZDI-CAN-4143 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listRoleDatas SQL Injection | ZDI-CAN-4144 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| getSourceAcquisitionHistory SQL Injection | ZDI-CAN-4145 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listFingerprints SQL Injection | ZDI-CAN-4131 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listReportDefs SQL Injection | ZDI-CAN-4133 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listEndpoints SQL Injection | ZDI-CAN-4134 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listEntities SQL Injection | ZDI-CAN-4136 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| listKeywords SQL Injection | ZDI-CAN-4137 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| fileAttribList SQL Injection | ZDI-CAN-4146 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| importComplianceTemplate XXE Processing File Disclosure | ZDI-CAN-4138 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| dataManagementList Remote File Delete DoS | ZDI-CAN-4120 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| exportdatatojsp Directory Trevrsal File Disclosure | ZDI-CAN-4119 | Trend Micro Data Loss Prevention Management Server <= 5.6 | Apr 2017 | |
| Session Generation Authentication Bypass | CVE-2016-8584 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| Directory Traversal Authentication Bypass | CVE-2016-7552 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| Command Injection Remote Code Execution | CVE-2016-8586 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| Information Disclosure | CVE-2016-7547 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| Command Injection Remote Code Execution | CVE-2016-8585 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| dlp_policy_upload.cgi Remote Code Execution | CVE-2016-8587 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| hotfix_upload.cgi Command Injection Remote Code Execution | CVE-2016-8588 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| log_query_dlp.cgi Command Injection Remote Code Execution | CVE-2016-8589 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| log_query_dae.cgi Command Injection Remote Code Execution | CVE-2016-8590 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| log_query.cgi Command Injection Remote Code Execution | CVE-2016-8591 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| log_query_system.cgi Command Injection Remote Code Execution | CVE-2016-8592 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| upload.cgi Remote Code Execution Vulnerability | CVE-2016-8593 | Trend Micro Threat Discovery Appliance <= 2.6.1062r1 | Apr 2017 | |
| Reflected Cross Site Scripting | CVE-2017-5599 | eClinicalWorks Patient Portal 7.0 build 13 | Jan 2017 | |
| SQL Injection | CVE-2017-5598 | eClinicalWorks healow@work 8.0 build 8 | Jan 2017 | |
| SQL Injection | CVE-2017-5570 | eClinicalWorks Patient Portal 7.0 build 13 | Jan 2017 | |
| SQL Injection | CVE-2017-5569 | eClinicalWorks Patient Portal 7.0 build 13 | Jan 2017 | |
| UXSS | CVE-2016-8011 | McAfee Endpoint Security 10.2 and SiteAdvisor Enterprise 3.5 | Dec 2016 | |
| Unauthenticated Remote Code Execution | CVE-2016-9796 | Alcatel Lucent Omnivista 8770 2.0, 2.6, 3.0 and 3.1 | Dec 2016 | |
| Privilege Escalation | CVE-2016-2246 | HP ThinPro 4.4, 5.0, 5.1, 5.2, 5.2.1, 6.0, 6.1 | Oct 2016 | |
| PDF Library Information Disclosure | CVE-2016-3374 | Microsoft Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10 | Oct 2016 | |
| Predictable Session | CVE-2015-3326 | Trend Micro SMEX 10 SP2 | May 2016 | |
| ReDoS | CVE-2015-2526 | .NET Framework 4.5, 4.5.1, 4.5.2 and 4.6 | September 2015 | |
| External JAR Injection | CVE-2015-2630 | Oracle e-Business Suite 11.5.10.2, 12.0.6, 12.1.3 | July 2015 | |
| Multiple Vulnerabilities | CVE-2015-2159 / CVE-2015-2160 / CVE-2015-2161 / CVE-2015-2162 / CVE-2015-2163 / CVE-2015-2164 / CVE-2015-2240 | FootPrints Service Core 11.0, 11.1, 11.6, 11.5 | May 2015 | |
| Root shell access - Kiosk Bypass | n/a | HP Thin Pro OS - T6X44017 | Apr 2015 | |
| Remote Code Execution and multiple vulnerabilities | CVE-2014-5287/5288 | Kemp Load Master (load balancer) v.7.1-16 | Apr 2015 | |
| Multiple vulnerabilities | CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846 | IBM Rational Doors Next Generation, Composer and Requirements | Feb 2014 | |
| Reflected Cross Site Scripting | CVE-2013-6956 | Juniper - Junos Pulse Secure Access Service - SA700, SA2000, SA2500, SA4000, FIPS SA4000, SA4500, FIPS SA4500, SA6000, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, and MAG6611 | Apr 2014 | |
| Multiple vulnerabilities | CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846 | IBM Rational Doors Next Generation, Composer and Requirements | Feb 2014 | |
| WAF Bypass | n/a | Barracuda Web Application Firewall | Oct 2013 | |
| Multiple Reflected XSS, 2 | ESRI - ArcGIS for Server 10.1, 10.2 | Sep 2013 | ||
| Unrestricted File Upload | CVE-2013-5221 | ESRI - ArcGIS for Server 10.1, 10.2 | Sep 2013 | |
| Cross Context Scripting (XCS) - about:history - Remote Code Execution | TBA | Maxthon | Dec 2012 | |
| Cross Context Scripting (XCS) - RSS - Remote Code Execution | TBA | Maxthon | Dec 2012 | |
| Privileged API Available On i.maxthon.com | TBA | Maxthon | Dec 2012 | |
| Cross Context Scripting (XCS) - Bookmark Toolbar and Bookmark Sidebar | TBA | Maxthon | Dec 2012 | |
| Incorrect Executable File Handling and Same Origin Policy Implementation | TBA | Maxthon | Dec 2012 | |
| Same of Origin Policy Bypass - browser:home | TBA | Avant Browser | Dec 2012 | |
| Cross Context Scripting - browser:home - Most Visited And History Tabs | TBA | Avant Browser | Dec 2012 | |
| Avant Browser - Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*) | TBA | Avant Browser | Dec 2012 | |
| CSRF | 2012-0550 | Oracle GlassFish Server | Apr 2012 | |
| Multiple Cross Site Scripting | 2012-0551 | Oracle GlassFish Server | Apr 2012 | |
| Use After Free | 2011-4152 | Opera | Oct 2011 | |
| DOM Cross Site Scripting | 2011-2133 | Adobe RoboHelp 9 | Aug 2011 | |
| ParanoidFragmentSink allows javascript: URLs in chrome documents | pdf (section 2.8) | 2010-1585 | Mozilla Firefox / Thunderbird | Mar 2011 |
| Session Fixation | 2010-4437 | Oracle WebLogic Server | Mar 2011 | |
| Multiple Cross Site Scripting Vulnerabilities | 2010-2406 | Oracle eBusiness Application | Oct 2010 | |
| HTTP Response Splitting | 2010-3514 | Oracle Sun Java System Web Server | Oct 2010 | |
| SOP Bypass | 2010-3573 | Oracle JRE java.net.URLConnection | Oct 2010 | |
| XML Entity and XML Injections | 2009-3960 | Multiple Adobe Products | Feb 2010 | |
| Chrome Privilege Code Execution | Update Scanner | Aug 2009 | ||
| Chrome Privilege Code Execution | Coolpreviews | Aug 2009 | ||
| Stored Cross Site Scripting | 2008-4725 | Opera | Oct 2008 | |
| Stored Cross Site Scripting | Google Analytics | Oct 2008 | ||
| Local File Disclosure | 2008-2045 | SugarCRM | Apr 2008 | |
| Reflected Cross Site Scripting | DotNetNuke | Aug 2006 |
Advisories
Subscribe to:
Posts (Atom)
No comments:
New comments are not allowed.