Vulnerabilities for 'Cyberoam os'

2015-09-04
 
CVE-2015-6811

 

 
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.

 
2014-10-07
 
CVE-2014-5503

CWE-89
 

 
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.

 
 
CVE-2014-5502

CWE-78
 

 
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

 
 
CVE-2014-5501

CWE-119
 

 
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.

 

Vendor: Cyberoam (3 products)
Cyberoam central console
Cyberoam os
Cr500ing-xp


Copyright 2019, cxsecurity.com

 
