Advisories

Bug Title CVE/Ref Vendor/Software Date
Remote Agent Configuration Settings Information Disclosure ZDI-CAN-4283 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
dlpCrawlerServerInvoker Deserialization of Untrusted Data ZDI-CAN-4284 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listLogDatas SQL Injection ZDI-CAN-4141 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listEndPointDocScanResultLIs SQL Injection ZDI-CAN-4142 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listReportDatas SQL Injection ZDI-CAN-4143 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listRoleDatas SQL Injection ZDI-CAN-4144 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
getSourceAcquisitionHistory SQL Injection ZDI-CAN-4145 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listFingerprints SQL Injection ZDI-CAN-4131 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listReportDefs SQL Injection ZDI-CAN-4133 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listEndpoints SQL Injection ZDI-CAN-4134 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listEntities SQL Injection ZDI-CAN-4136 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
listKeywords SQL Injection ZDI-CAN-4137 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
fileAttribList SQL Injection ZDI-CAN-4146 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
importComplianceTemplate XXE Processing File Disclosure ZDI-CAN-4138 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
dataManagementList Remote File Delete DoS ZDI-CAN-4120 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
exportdatatojsp Directory Traversal File Disclosure ZDI-CAN-4119 Trend Micro Data Loss Prevention Management Server <= 5.6 Apr 2017
Session Generation Authentication Bypass CVE-2016-8584 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
Directory Traversal Authentication Bypass CVE-2016-7552 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
Command Injection Remote Code Execution CVE-2016-8586 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
Information Disclosure CVE-2016-7547 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
Command Injection Remote Code Execution CVE-2016-8585 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
dlp_policy_upload.cgi Remote Code Execution CVE-2016-8587 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
hotfix_upload.cgi Command Injection Remote Code Execution CVE-2016-8588 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
log_query_dlp.cgi Command Injection Remote Code Execution CVE-2016-8589 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
log_query_dae.cgi Command Injection Remote Code Execution CVE-2016-8590 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
log_query.cgi Command Injection Remote Code Execution CVE-2016-8591 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
log_query_system.cgi Command Injection Remote Code Execution CVE-2016-8592 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
upload.cgi Remote Code Execution Vulnerability CVE-2016-8593 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 Apr 2017
Reflected Cross Site Scripting CVE-2017-5599 eClinicalWorks Patient Portal 7.0 build 13 Jan 2017
SQL Injection CVE-2017-5598 eClinicalWorks healow@work 8.0 build 8 Jan 2017
SQL Injection CVE-2017-5570 eClinicalWorks Patient Portal 7.0 build 13 Jan 2017
SQL Injection CVE-2017-5569 eClinicalWorks Patient Portal 7.0 build 13 Jan 2017
UXSS CVE-2016-8011 McAfee Endpoint Security 10.2 and SiteAdvisor Enterprise 3.5 Dec 2016
Unauthenticated Remote Code Execution CVE-2016-9796 Alcatel Lucent Omnivista 8770 2.0, 2.6, 3.0 and 3.1 Dec 2016
Privilege Escalation CVE-2016-2246 HP ThinPro 4.4, 5.0, 5.1, 5.2, 5.2.1, 6.0, 6.1 Oct 2016
PDF Library Information Disclosure CVE-2016-3374 Microsoft Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Oct 2016
Predictable Session CVE-2015-3326 Trend Micro SMEX 10 SP2 May 2016
ReDoS CVE-2015-2526 .NET Framework 4.5, 4.5.1, 4.5.2 and 4.6 September 2015
External JAR Injection CVE-2015-2630 Oracle e-Business Suite 11.5.10.2, 12.0.6, 12.1.3 July 2015
Multiple Vulnerabilities CVE-2015-2159 / CVE-2015-2160 / CVE-2015-2161 / CVE-2015-2162 / CVE-2015-2163 / CVE-2015-2164 / CVE-2015-2240 FootPrints Service Core 11.0, 11.1, 11.6, 11.5 May 2015
Root shell access - Kiosk Bypass n/a HP Thin Pro OS - T6X44017 Apr 2015
Remote Code Execution and multiple vulnerabilities CVE-2014-5287/5288 Kemp Load Master (load balancer) v.7.1-16 Apr 2015
Multiple vulnerabilities CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846 IBM Rational Doors Next Generation, Composer and Requirements Feb 2014
Reflected Cross Site Scripting CVE-2013-6956 Juniper - Junos Pulse Secure Access Service - SA700, SA2000, SA2500, SA4000, FIPS SA4000, SA4500, FIPS SA4500, SA6000, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, and MAG6611 Apr 2014
WAF Bypass n/a Barracuda Web Application Firewall Oct 2013
Multiple Reflected XSS, 2 ESRI - ArcGIS for Server 10.1, 10.2 Sep 2013
Unrestricted File Upload CVE-2013-5221 ESRI - ArcGIS for Server 10.1, 10.2 Sep 2013
Cross Context Scripting (XCS) - about:history - Remote Code Execution TBA Maxthon Dec 2012
Cross Context Scripting (XCS) - RSS - Remote Code Execution TBA Maxthon Dec 2012
Privileged API Available On i.maxthon.com TBA Maxthon Dec 2012
Cross Context Scripting (XCS) - Bookmark Toolbar and Bookmark Sidebar TBA Maxthon Dec 2012
Incorrect Executable File Handling and Same Origin Policy Implementation TBA Maxthon Dec 2012
Same Origin Policy Bypass - browser:home TBA Avant Browser Dec 2012
Cross Context Scripting - browser:home - Most Visited And History Tabs TBA Avant Browser Dec 2012
Avant Browser - Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*) TBA Avant Browser Dec 2012
CSRF 2012-0550 Oracle GlassFish Server Apr 2012
Multiple Cross Site Scripting 2012-0551 Oracle GlassFish Server Apr 2012
Use After Free 2011-4152 Opera Oct 2011
DOM Cross Site Scripting 2011-2133 Adobe RoboHelp 9 Aug 2011
ParanoidFragmentSink allows javascript: URLs in chrome documents pdf (section 2.8) 2010-1585 Mozilla Firefox / Thunderbird Mar 2011
Session Fixation 2010-4437 Oracle WebLogic Server Mar 2011
Multiple Cross Site Scripting Vulnerabilities 2010-2406 Oracle eBusiness Application Oct 2010
HTTP Response Splitting 2010-3514 Oracle Sun Java System Web Server Oct 2010
SOP Bypass 2010-3573 Oracle JRE java.net.URLConnection Oct 2010
XML Entity and XML Injections 2009-3960 Multiple Adobe Products Feb 2010
Chrome Privilege Code Execution Update Scanner Aug 2009
Chrome Privilege Code Execution Coolpreviews Aug 2009
Stored Cross Site Scripting 2008-4725 Opera Oct 2008
Stored Cross Site Scripting Google Analytics Oct 2008
Local File Disclosure 2008-2045 SugarCRM Apr 2008
Reflected Cross Site Scripting DotNetNuke Aug 2006
