Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'SFOS'
2022-03-29
CVE-2022-0331
CWE-200
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
2022-03-25
CVE-2022-1040
CWE-287
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
2019-06-20
CVE-2018-16118
CWE-78
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
CVE-2018-16117
CWE-78
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
CVE-2018-16116
CWE-89
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
2018-01-12
CVE-2017-18014
CWE-79
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.
>>>
Vendor:
Sophos
53
Products
Small business suite
Sophos anti-virus
Sophos puremessage anti-virus
Sophos small business suite
Sophos mailmonitor
Sophos mailmonitor for notes domino
Anti-virus
Endpoint security
Scanning engine
Es1000
Es4000
Anti-virus7.6.3
Puremessage for microsoft exchange
Endpoint protection
Unified threat management software
Unified threat management
Disk encryption
Safeguard easy device encryption client
Safeguard enterprise device encryption
Sophos endpoint security and control
Safeguard enterprise
Free encryption
Safeguard privatecrypto
Web appliance
Web appliance firmware
Enterprise console
Cyberoam cr100ing utm firmware
Cyberoam cr35ing utm firmware
Unified threat management up2date
Mobile control eas proxy
Cyberoam cr25ing utm firmware
Cyberoam firmware
Threat detection engine
Hitmanpro
Astaro security gateway firmware
SFOS
Sophos tester
Invincea-x
Invincea dell protected workspace
Safeguard enterprise client
Safeguard lan crypt client
Hitmanpro.alert
Ssl vpn client
Ipsec client
Cyberoamos
HOME
Sophos secure email
Xg firewall firmware
Intercept x
Sophos secure workspace
Exploit prevention
Intercept x endpoint
Intercept x for server
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'SFOS' 