Show filters
43 Total Results
Displaying 31-40 of 43
Sort by:
Attacker Value
Unknown

CVE-2016-9314

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.
0
0
Attacker Value
Unknown

CVE-2016-9269

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737.
0
0
Attacker Value
Unknown

CVE-2016-9316

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.
0
0
Attacker Value
Unknown

CVE-2016-9315

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.
0
0
Attacker Value
Unknown

CVE-2015-6287

Disclosure Date: September 14, 2015 (last updated October 05, 2023)
Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.
0
0
Attacker Value
Unknown

CVE-2015-6290

Disclosure Date: September 14, 2015 (last updated October 05, 2023)
Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.
0
0
Attacker Value
Unknown

CVE-2015-0732

Disclosure Date: July 29, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.
0
0
Attacker Value
Unknown

CVE-2015-4217

Disclosure Date: June 26, 2015 (last updated October 05, 2023)
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.
0
0
Attacker Value
Unknown

CVE-2015-4216

Disclosure Date: June 26, 2015 (last updated October 05, 2023)
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
0
0
Attacker Value
Unknown

CVE-2014-8510

Disclosure Date: November 07, 2014 (last updated October 05, 2023)
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.
0
0
View More Topics  < Previous  Next >