VYPR

Xcs

by WatchGuard

CVEs (3)

  • CVE-2015-5453Jul 8, 2015
    risk 0.08cvss epss 0.57

    Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

  • CVE-2015-5452Jul 8, 2015
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.

  • CVE-2011-2165May 23, 2011
    risk 0.03cvss epss 0.05

    The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a…