Advisories

Bug Title	CVE/Ref	Vendor/Software	Date
Multiple Unauthenticated Stored Cross Site Scripting	CVE-2019-3769 / CVE-2019-3770	Dell Wyse Management	Nov 2019
Sensitive Data Retrieval Possible Without Authentication	CVE-2019-2761	Oracle e-Business Suite	Oct 2019
Unauthenticated Stored XSS	CVE-2019-3591	McAfee ePolicy Orchestrator 11.2.x or earlier	Jul 2019
Multiple vulnerabilities (XSS, SSRF)	n/a	Microsoft PowerBI Report Server version 15	Apr 2019
Multiple vulnerabilities (SQLi, LFI, XSS)	612518, 612524, 612523, 612522	Lansweeper 6.0.130.62, Lspush 6.0.100.32	Feb 2018
SQL Injection Information Disclosure	ZDI-CAN-4409	Trend Micro SafeSync for Enterprise	Mar 2017
SQL Injection Remote Code Execution	ZDI-CAN-4642/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4643/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4644/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4645/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4646/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4647/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4648/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4649/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4650/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4651/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4652/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4653/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4654/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4656/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4657/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4658/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4659/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4660/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4661/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4662/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4663/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4664/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4665/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4666/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4667/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4668/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4670/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4672/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4676/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4678/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4680/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4682/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4685/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4686/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4687/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4688/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4690/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4691/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4692/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4693/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4780/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4781/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4782/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4783/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4784/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4785/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4786/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4786/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4788/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4790/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4791/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4792/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4793/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4794/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4796/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4797/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4801/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4803/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4804/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4805/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4806/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4679/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4683/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Remote Agent Configuration Settings Information Disclosure	ZDI-CAN-4283	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
dlpCrawlerServerInvoker Deserialization of Untrusted Data	ZDI-CAN-4284	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listLogDatas SQL Injection	ZDI-CAN-4141	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listEndPointDocScanResultLIs SQL Injection	ZDI-CAN-4142	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listReportDatas SQL Injection	ZDI-CAN-4143	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listRoleDatas SQL Injection	ZDI-CAN-4144	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
getSourceAcquisitionHistory SQL Injection	ZDI-CAN-4145	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listFingerprints SQL Injection	ZDI-CAN-4131	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listReportDefs SQL Injection	ZDI-CAN-4133	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listEndpoints SQL Injection	ZDI-CAN-4134	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listEntities SQL Injection	ZDI-CAN-4136	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listKeywords SQL Injection	ZDI-CAN-4137	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
fileAttribList SQL Injection	ZDI-CAN-4146	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
importComplianceTemplate XXE Processing File Disclosure	ZDI-CAN-4138	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
dataManagementList Remote File Delete DoS	ZDI-CAN-4120	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
exportdatatojsp Directory Trevrsal File Disclosure	ZDI-CAN-4119	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
Session Generation Authentication Bypass	CVE-2016-8584	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Directory Traversal Authentication Bypass	CVE-2016-7552	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Command Injection Remote Code Execution	CVE-2016-8586	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Information Disclosure	CVE-2016-7547	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Command Injection Remote Code Execution	CVE-2016-8585	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
dlp_policy_upload.cgi Remote Code Execution	CVE-2016-8587	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
hotfix_upload.cgi Command Injection Remote Code Execution	CVE-2016-8588	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query_dlp.cgi Command Injection Remote Code Execution	CVE-2016-8589	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query_dae.cgi Command Injection Remote Code Execution	CVE-2016-8590	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query.cgi Command Injection Remote Code Execution	CVE-2016-8591	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query_system.cgi Command Injection Remote Code Execution	CVE-2016-8592	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
upload.cgi Remote Code Execution Vulnerability	CVE-2016-8593	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Reflected Cross Site Scripting	CVE-2017-5599	eClinicalWorks Patient Portal 7.0 build 13	Jan 2017
SQL Injection	CVE-2017-5598	eClinicalWorks healow@work 8.0 build 8	Jan 2017
SQL Injection	CVE-2017-5570	eClinicalWorks Patient Portal 7.0 build 13	Jan 2017
SQL Injection	CVE-2017-5569	eClinicalWorks Patient Portal 7.0 build 13	Jan 2017
UXSS	CVE-2016-8011	McAfee Endpoint Security 10.2 and SiteAdvisor Enterprise 3.5	Dec 2016
Unauthenticated Remote Code Execution	CVE-2016-9796	Alcatel Lucent Omnivista 8770 2.0, 2.6, 3.0 and 3.1	Dec 2016
Privilege Escalation	CVE-2016-2246	HP ThinPro 4.4, 5.0, 5.1, 5.2, 5.2.1, 6.0, 6.1	Oct 2016
PDF Library Information Disclosure	CVE-2016-3374	Microsoft Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10	Oct 2016
Predictable Session	CVE-2015-3326	Trend Micro SMEX 10 SP2	May 2016
ReDoS	CVE-2015-2526	Microsoft .NET Framework 4.5, 4.5.1, 4.5.2 and 4.6	September 2015
External JAR Injection	CVE-2015-2630	Oracle e-Business Suite 11.5.10.2, 12.0.6, 12.1.3	July 2015
Multiple Vulnerabilities	CVE-2015-2159 / CVE-2015-2160 / CVE-2015-2161 / CVE-2015-2162 / CVE-2015-2163 / CVE-2015-2164 / CVE-2015-2240	FootPrints Service Core 11.0, 11.1, 11.6, 11.5	May 2015
Root shell access - Kiosk Bypass	n/a	HP Thin Pro OS - T6X44017	Apr 2015
Remote Code Execution and multiple vulnerabilities	CVE-2014-5287/5288	Kemp Load Master (load balancer) v.7.1-16	Apr 2015
Multiple vulnerabilities	CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846	IBM Rational Doors Next Generation, Composer and Requirements	Feb 2014
Reflected Cross Site Scripting	CVE-2013-6956	Juniper - Junos Pulse Secure Access Service - SA700, SA2000, SA2500, SA4000, FIPS SA4000, SA4500, FIPS SA4500, SA6000, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, and MAG6611	Apr 2014
Multiple vulnerabilities	CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846	IBM Rational Doors Next Generation, Composer and Requirements	Feb 2014
WAF Bypass	n/a	Barracuda Web Application Firewall	Oct 2013
Multiple Reflected XSS, 2	ESRI - ArcGIS for Server 10.1, 10.2	Sep 2013
Unrestricted File Upload	CVE-2013-5221	ESRI - ArcGIS for Server 10.1, 10.2	Sep 2013
Cross Context Scripting (XCS) - about:history - Remote Code Execution	TBA	Maxthon	Dec 2012
Cross Context Scripting (XCS) - RSS - Remote Code Execution	TBA	Maxthon	Dec 2012
Privileged API Available On i.maxthon.com	TBA	Maxthon	Dec 2012
Cross Context Scripting (XCS) - Bookmark Toolbar and Bookmark Sidebar	TBA	Maxthon	Dec 2012
Incorrect Executable File Handling and Same Origin Policy Implementation	TBA	Maxthon	Dec 2012
Same of Origin Policy Bypass - browser:home	TBA	Avant Browser	Dec 2012
Cross Context Scripting - browser:home - Most Visited And History Tabs	TBA	Avant Browser	Dec 2012
Avant Browser - Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*)	TBA	Avant Browser	Dec 2012
CSRF	2012-0550	Oracle GlassFish Server	Apr 2012
Multiple Cross Site Scripting	2012-0551	Oracle GlassFish Server	Apr 2012
Use After Free	2011-4152	Opera	Oct 2011
DOM Cross Site Scripting	2011-2133	Adobe RoboHelp 9	Aug 2011
ParanoidFragmentSink allows javascript: URLs in chrome documents	2010-1585	Mozilla Firefox / Thunderbird	Mar 2011
Session Fixation	2010-4437	Oracle WebLogic Server	Mar 2011
Multiple Cross Site Scripting Vulnerabilities	2010-2406	Oracle eBusiness Application	Oct 2010
HTTP Response Splitting	2010-3514	Oracle Sun Java System Web Server	Oct 2010
SOP Bypass	2010-3573	Oracle JRE java.net.URLConnection	Oct 2010
XML Entity and XML Injections	2009-3960	Multiple Adobe Products	Feb 2010
Chrome Privilege Code Execution		Update Scanner	Aug 2009
Chrome Privilege Code Execution		Coolpreviews	Aug 2009
Stored Cross Site Scripting	2008-4725	Opera	Oct 2008
Stored Cross Site Scripting		Google Analytics	Oct 2008
Local File Disclosure	2008-2045	SugarCRM	Apr 2008
Reflected Cross Site Scripting		DotNetNuke	Aug 2006

malerisch.net

Search This Blog

Advisories

Comments

Popular posts from this blog

TrendMicro ScanMail for Microsoft Exchange (SMEX) predictable session token - CVE-2015-3326

Alcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)

Microsoft .NET MVC ReDoS (Denial of Service) Vulnerability - CVE-2015-2526 (MS15-101)