559 matches found
PT-2020-17197 · Cyberoam · Cyberoamos
Name of the Vulnerable Software and Affected Versions: Cyberoam OS versions prior to 2020-12-04 Description: An SQL injection vulnerability in the WebAdmin of Cyberoam OS allows unauthenticated attackers to execute arbitrary SQL statements remotely. Recommendations: For versions prior to...
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11...
Remote code execution
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11...
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Recent assessments: wvu-r7 at November 02, 2021 7:12pm UTC reported: See the other topic. Assessed Attacker Value: 0...
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Recent assessments: wvu-r7 at August 26, 2021 2:01am UTC reported: Please see the Atredis writeup for root cause analysis. CVE-2020-25223 has high attacker value and...
CodeMeter < 7.10 Information Exfiltration Vulnerability
According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is prior to 7.10. It is affected by a vulnerability where an attacker could send a specially crafted packet that could have the server send back packets containing data from the heap.
CodeMeter < 7.10a Multiple Vulnerabilities
According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is prior to 7.10a. It is, therefore, affected by multiple vulnerabilities: - Multiple memory corruption vulnerabilities exist where the packet parser mechanism does not verify length fields. An...
CodeMeter < 6.90 License forging Vulnerability
According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is prior to 6.90. It is affected by an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if i...
Netsweeper Injection Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in the /webadmin/tools/unixlogin.php script in Netsweeper versions 6.4.3 and earlier. An attacker could exploit the vulnerability to execute code...
Design/Logic Flaw
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
CVE-2020-13167
Affected software: Netsweeper WebAdmin (Web content filtering) up to version 6.4.3. Vulnerability type & root cause: unauthenticated remote code execution via webadmin/tools/unixlogin.php where, with certain Referer headers, the command line is invoked with client-supplied parameters allowing she...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. Recent assessments: wvu-r7 at May 21, 2020 5:51am UTC...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...
Netsweeper WebAdmin unixlogin.php Python Code Injection Exploit
This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsweeper WebAdmin unixlogin.php Python Code Injection', 'Description' = %q This module exploits a Python code injection in the Netsweeper...
Security Bulletin: IBM Integration Bus is affected by WebAdmin Session Timeout vulnerability (CVE-2017-1693)
Summary: IBM Integration Bus has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2017-1693 DESCRIPTION: IBM Integration Bus could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out...