Vulnerabilities > Tripwire

DATE CVE VULNERABILITY TITLE RISK
2017-12-27 CVE-2015-6237 Improper Authentication vulnerability in Tripwire Ip360 7.2.2/7.2.4/7.2.5
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."
network
low complexity
tripwire CWE-287
7.5
2014-01-29 CVE-2013-5005 Cross-Site Scripting vulnerability in Tripwire Enterprise 7.0
Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters.
network
tripwire CWE-79
4.3
2008-02-05 CVE-2008-0578 Cross-Site Scripting vulnerability in Tripwire Enterprise 7.0
Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
tripwire CWE-79
4.3
2004-08-06 CVE-2004-0536 Unspecified vulnerability in Tripwire
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
local
low complexity
tripwire
7.2
2001-10-18 CVE-2001-0774 Symbolic Link vulnerability in Tripwire 1.3.1/2.2.1/2.3.0
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.
local
low complexity
tripwire
4.6
1999-01-04 CVE-1999-0464 Unspecified vulnerability in Tripwire
Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.
local
low complexity
tripwire
2.1