RSS   Vulnerabilities for 'XCS'   RSS

2015-07-08
 
CVE-2015-5453

 

 
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

 
 
CVE-2015-5452

 

 
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.

 
2011-05-23
 
CVE-2011-2165

 

 
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

 

 >>> Vendor: Watchguard 15 Products
Firebox
Soho firewall
Firebox ii
Firebox 2500
Firebox 4500
Legacy rssa
SOHO
Vclass
Serverlock
Firebox pptp vpn
XCS
Watchguard system manager
Fireware
Rapidstream
Hawkeye g


Copyright 2019, cxsecurity.com

 

Back to Top