17 matches found
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...
Sophos Web Appliance UsrBlocked.php command injection
Added: 11/24/2023 CVE: CVE-2023-1671 Background Sophos Web Appliance is a web proxy providing HTTP security. Problem A vulnerability in UsrBlocked.php allows remote attackers to inject arbitrary commands into an HTTP request. Resolution Upgrade to Sophos Web Appliance 4.3.10.4 or higher. Referenc...
Sophos Web Appliance UsrBlocked.php command injection
Added: 11/24/2023 CVE: CVE-2023-1671 Background Sophos Web Appliance is a web proxy providing HTTP security. Problem A vulnerability in UsrBlocked.php allows remote attackers to inject arbitrary commands into an HTTP request. Resolution Upgrade to Sophos Web Appliance 4.3.10.4 or higher. Referenc...
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added three security flaws to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation in the wild. The vulnerabilities are as follows - CVE-2023-36584 CVSS score: 5.4 - Microsoft Windows...
Sophos Web Appliance Pre-Authentication Command Injection (CVE-2023-1671)
Binary data sophoswebapplianceCVE-2023-1671.nbin...
Exploit for Command Injection in Sophos Web_Appliance
Сve-2023-1671 How does cve-2023-1671https://vulners.com/c...
Sophos Web Appliance 4.3.10.4 Command Injection
!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...
Exploit for Command Injection in Sophos Web_Appliance
CVE-2023-1671 Vulnerability Scanner !GitHub last commit...
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit
!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...
Exploit for Command Injection in Sophos Web_Appliance
Dork fofa title="Sophos Web Appliance" || app="Sophos-W...
CVE-2023-1671
creationtimestamp| type| source ---|---|--- 2023-04-04 14:36:57+00:00| seen| https://t.me/cibsecurity/61374 2023-04-05 15:15:02+00:00| seen| https://t.me/truesecator/4254 2023-04-24 04:35:31+00:00| published-proof-of-concept| https://t.me/CNArsenal/525 2023-04-25 09:47:32+00:00|...
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...
CVE-2023-1671
CVE-2023-1671 affects Sophos Web Appliance older than 4.3.10.4, with a pre-auth command-injection in the warn-proceed handler that allows remote code execution. Public analyses and PoCs describe how user-supplied parameters flow to shell commands, enabling arbitrary code execution without authent...