Tripwire : Security Vulnerabilities, CVEs,
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."
Max CVSS
9.8
EPSS Score
0.75%
Published
2017-12-27
Updated
2018-10-09
Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters.
Max CVSS
4.3
EPSS Score
0.16%
Published
2014-01-29
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.28%
Published
2008-02-05
Updated
2018-10-15
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
Max CVSS
7.2
EPSS Score
59.32%
Published
2004-08-06
Updated
2017-07-11
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-10-18
Updated
2017-10-10
Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-01-04
Updated
2016-10-18
6 vulnerabilities found