VYPR

Appliance

by Tenable

CVEs (6)

  • CVE-2017-8051CriApr 21, 2017
    risk 0.68cvss 9.8epss 0.16

    Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

  • CVE-2017-8050HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.01

    Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.

  • CVE-2017-6543HigMar 8, 2017
    risk 0.48cvss 7.3epss 0.01

    Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated…

  • CVE-2018-1142MedMar 28, 2018
    risk 0.35cvss 5.4epss 0.01

    Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline…

  • CVE-2023-26788Apr 10, 2023
    risk 0.00cvss epss 0.00

    Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.

  • CVE-2012-0263Dec 31, 2013
    risk 0.00cvss epss 0.02

    monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2)…

VYPR — Vulnerability Intelligence