Web Appliance Firmware
by Sophos
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4983 | 0.10 | — | 0.90 | Sep 10, 2013 | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | |||
| CVE-2013-2641 | 0.09 | — | 0.71 | Mar 18, 2014 | Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. | |||
| CVE-2014-2850 | 0.08 | — | 0.58 | Apr 11, 2014 | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | |||
| CVE-2014-2849 | 0.08 | — | 0.61 | Apr 11, 2014 | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |||
| CVE-2013-2642 | 0.04 | — | 0.07 | Mar 18, 2014 | Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute… | |||
| CVE-2013-2643 | 0.03 | — | 0.05 | Mar 18, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to… |
- CVE-2013-4983Sep 10, 2013risk 0.10cvss —epss 0.90
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
- CVE-2013-2641Mar 18, 2014risk 0.09cvss —epss 0.71
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
- CVE-2014-2850Apr 11, 2014risk 0.08cvss —epss 0.58
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
- CVE-2014-2849Apr 11, 2014risk 0.08cvss —epss 0.61
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
- CVE-2013-2642Mar 18, 2014risk 0.04cvss —epss 0.07
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute…
- CVE-2013-2643Mar 18, 2014risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to…