RSS   Podatności dla 'Web appliance firmware'   RSS

2014-04-11
 
CVE-2014-2850

CWE-78
 

 
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

 
 
CVE-2014-2849

CWE-264
 

 
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

 
2014-03-18
 
CVE-2013-2643

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.

 
 
CVE-2013-2642

CWE-78
 

 
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.

 
 
CVE-2013-2641

CWE-22
 

 
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.

 

 >>> Vendor: Sophos 53 Produkty
Small business suite
Sophos anti-virus
Sophos puremessage anti-virus
Sophos small business suite
Sophos mailmonitor
Sophos mailmonitor for notes domino
Anti-virus
Endpoint security
Scanning engine
Es1000
Es4000
Anti-virus7.6.3
Puremessage for microsoft exchange
Endpoint protection
Unified threat management software
Unified threat management
Disk encryption
Safeguard easy device encryption client
Safeguard enterprise device encryption
Sophos endpoint security and control
Safeguard enterprise
Free encryption
Safeguard privatecrypto
Web appliance
Web appliance firmware
Enterprise console
Cyberoam cr100ing utm firmware
Cyberoam cr35ing utm firmware
Unified threat management up2date
Mobile control eas proxy
Cyberoam cr25ing utm firmware
Cyberoam firmware
Threat detection engine
Hitmanpro
Astaro security gateway firmware
SFOS
Sophos tester
Invincea-x
Invincea dell protected workspace
Safeguard enterprise client
Safeguard lan crypt client
Hitmanpro.alert
Ssl vpn client
Ipsec client
Cyberoamos
HOME
Sophos secure email
Xg firewall firmware
Intercept x
Sophos secure workspace
Exploit prevention
Intercept x endpoint
Intercept x for server


Copyright 2024, cxsecurity.com

 

Back to Top