Advisories

Bug Title	CVE/Ref	Vendor/Software	Date
Multiple Unauthenticated Stored Cross Site Scripting	CVE-2019-3769 / CVE-2019-3770	Dell Wyse Management	Nov 2019
Sensitive Data Retrieval Possible Without Authentication	CVE-2019-2761	Oracle e-Business Suite	Oct 2019
Unauthenticated Stored XSS	CVE-2019-3591	McAfee ePolicy Orchestrator 11.2.x or earlier	Jul 2019
Multiple vulnerabilities (XSS, SSRF)	n/a	Microsoft PowerBI Report Server version 15	Apr 2019
Multiple vulnerabilities (SQLi, LFI, XSS)	612518, 612524, 612523, 612522	Lansweeper 6.0.130.62, Lspush 6.0.100.32	Feb 2018
SQL Injection Information Disclosure	ZDI-CAN-4409	Trend Micro SafeSync for Enterprise	Mar 2017
SQL Injection Remote Code Execution	ZDI-CAN-4642/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4643/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4644/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4645/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4646/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4647/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4648/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4649/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4650/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4651/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4652/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4653/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4654/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4656/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4657/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4658/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4659/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4660/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4661/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4662/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4663/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4664/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4665/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4666/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4667/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4668/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4670/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4672/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4676/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4678/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4680/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4682/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4685/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4686/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4687/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4688/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4690/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4691/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4692/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4693/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4780/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4781/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4782/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4783/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4784/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4785/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4786/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4786/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4788/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4790/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4791/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4792/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4793/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4794/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4796/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4797/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4801/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4803/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4804/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Unrestricted File Upload Remote Code Execution	ZDI-CAN-4805/CVE-2017-14079	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4806/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4679/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
SQL Injection Remote Code Execution	ZDI-CAN-4683/CVE-2017-14078	Trend Micro Mobile Security for Enterprise	Sep 2017
Remote Agent Configuration Settings Information Disclosure	ZDI-CAN-4283	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
dlpCrawlerServerInvoker Deserialization of Untrusted Data	ZDI-CAN-4284	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listLogDatas SQL Injection	ZDI-CAN-4141	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listEndPointDocScanResultLIs SQL Injection	ZDI-CAN-4142	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listReportDatas SQL Injection	ZDI-CAN-4143	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listRoleDatas SQL Injection	ZDI-CAN-4144	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
getSourceAcquisitionHistory SQL Injection	ZDI-CAN-4145	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listFingerprints SQL Injection	ZDI-CAN-4131	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listReportDefs SQL Injection	ZDI-CAN-4133	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listEndpoints SQL Injection	ZDI-CAN-4134	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listEntities SQL Injection	ZDI-CAN-4136	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
listKeywords SQL Injection	ZDI-CAN-4137	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
fileAttribList SQL Injection	ZDI-CAN-4146	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
importComplianceTemplate XXE Processing File Disclosure	ZDI-CAN-4138	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
dataManagementList Remote File Delete DoS	ZDI-CAN-4120	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
exportdatatojsp Directory Trevrsal File Disclosure	ZDI-CAN-4119	Trend Micro Data Loss Prevention Management Server <= 5.6	Apr 2017
Session Generation Authentication Bypass	CVE-2016-8584	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Directory Traversal Authentication Bypass	CVE-2016-7552	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Command Injection Remote Code Execution	CVE-2016-8586	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Information Disclosure	CVE-2016-7547	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Command Injection Remote Code Execution	CVE-2016-8585	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
dlp_policy_upload.cgi Remote Code Execution	CVE-2016-8587	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
hotfix_upload.cgi Command Injection Remote Code Execution	CVE-2016-8588	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query_dlp.cgi Command Injection Remote Code Execution	CVE-2016-8589	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query_dae.cgi Command Injection Remote Code Execution	CVE-2016-8590	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query.cgi Command Injection Remote Code Execution	CVE-2016-8591	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
log_query_system.cgi Command Injection Remote Code Execution	CVE-2016-8592	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
upload.cgi Remote Code Execution Vulnerability	CVE-2016-8593	Trend Micro Threat Discovery Appliance <= 2.6.1062r1	Apr 2017
Reflected Cross Site Scripting	CVE-2017-5599	eClinicalWorks Patient Portal 7.0 build 13	Jan 2017
SQL Injection	CVE-2017-5598	eClinicalWorks healow@work 8.0 build 8	Jan 2017
SQL Injection	CVE-2017-5570	eClinicalWorks Patient Portal 7.0 build 13	Jan 2017
SQL Injection	CVE-2017-5569	eClinicalWorks Patient Portal 7.0 build 13	Jan 2017
UXSS	CVE-2016-8011	McAfee Endpoint Security 10.2 and SiteAdvisor Enterprise 3.5	Dec 2016
Unauthenticated Remote Code Execution	CVE-2016-9796	Alcatel Lucent Omnivista 8770 2.0, 2.6, 3.0 and 3.1	Dec 2016
Privilege Escalation	CVE-2016-2246	HP ThinPro 4.4, 5.0, 5.1, 5.2, 5.2.1, 6.0, 6.1	Oct 2016
PDF Library Information Disclosure	CVE-2016-3374	Microsoft Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10	Oct 2016
Predictable Session	CVE-2015-3326	Trend Micro SMEX 10 SP2	May 2016
ReDoS	CVE-2015-2526	Microsoft .NET Framework 4.5, 4.5.1, 4.5.2 and 4.6	September 2015
External JAR Injection	CVE-2015-2630	Oracle e-Business Suite 11.5.10.2, 12.0.6, 12.1.3	July 2015
Multiple Vulnerabilities	CVE-2015-2159 / CVE-2015-2160 / CVE-2015-2161 / CVE-2015-2162 / CVE-2015-2163 / CVE-2015-2164 / CVE-2015-2240	FootPrints Service Core 11.0, 11.1, 11.6, 11.5	May 2015
Root shell access - Kiosk Bypass	n/a	HP Thin Pro OS - T6X44017	Apr 2015
Remote Code Execution and multiple vulnerabilities	CVE-2014-5287/5288	Kemp Load Master (load balancer) v.7.1-16	Apr 2015
Multiple vulnerabilities	CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846	IBM Rational Doors Next Generation, Composer and Requirements	Feb 2014
Reflected Cross Site Scripting	CVE-2013-6956	Juniper - Junos Pulse Secure Access Service - SA700, SA2000, SA2500, SA4000, FIPS SA4000, SA4500, FIPS SA4500, SA6000, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, and MAG6611	Apr 2014
Multiple vulnerabilities	CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846	IBM Rational Doors Next Generation, Composer and Requirements	Feb 2014
WAF Bypass	n/a	Barracuda Web Application Firewall	Oct 2013
Multiple Reflected XSS, 2	ESRI - ArcGIS for Server 10.1, 10.2	Sep 2013
Unrestricted File Upload	CVE-2013-5221	ESRI - ArcGIS for Server 10.1, 10.2	Sep 2013
Cross Context Scripting (XCS) - about:history - Remote Code Execution	TBA	Maxthon	Dec 2012
Cross Context Scripting (XCS) - RSS - Remote Code Execution	TBA	Maxthon	Dec 2012
Privileged API Available On i.maxthon.com	TBA	Maxthon	Dec 2012
Cross Context Scripting (XCS) - Bookmark Toolbar and Bookmark Sidebar	TBA	Maxthon	Dec 2012
Incorrect Executable File Handling and Same Origin Policy Implementation	TBA	Maxthon	Dec 2012
Same of Origin Policy Bypass - browser:home	TBA	Avant Browser	Dec 2012
Cross Context Scripting - browser:home - Most Visited And History Tabs	TBA	Avant Browser	Dec 2012
Avant Browser - Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*)	TBA	Avant Browser	Dec 2012
CSRF	2012-0550	Oracle GlassFish Server	Apr 2012
Multiple Cross Site Scripting	2012-0551	Oracle GlassFish Server	Apr 2012
Use After Free	2011-4152	Opera	Oct 2011
DOM Cross Site Scripting	2011-2133	Adobe RoboHelp 9	Aug 2011
ParanoidFragmentSink allows javascript: URLs in chrome documents	2010-1585	Mozilla Firefox / Thunderbird	Mar 2011
Session Fixation	2010-4437	Oracle WebLogic Server	Mar 2011
Multiple Cross Site Scripting Vulnerabilities	2010-2406	Oracle eBusiness Application	Oct 2010
HTTP Response Splitting	2010-3514	Oracle Sun Java System Web Server	Oct 2010
SOP Bypass	2010-3573	Oracle JRE java.net.URLConnection	Oct 2010
XML Entity and XML Injections	2009-3960	Multiple Adobe Products	Feb 2010
Chrome Privilege Code Execution		Update Scanner	Aug 2009
Chrome Privilege Code Execution		Coolpreviews	Aug 2009
Stored Cross Site Scripting	2008-4725	Opera	Oct 2008
Stored Cross Site Scripting		Google Analytics	Oct 2008
Local File Disclosure	2008-2045	SugarCRM	Apr 2008
Reflected Cross Site Scripting		DotNetNuke	Aug 2006

malerisch.net

Search This Blog

Advisories

Comments

Popular posts from this blog

Pwning a thin client in less than two minutes

Alcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)

Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)