4 matches found
Sophos Web Appliance change_password Admin Password Privilege Escalation (CVE-2014-2849)
A privilege escalation vulnerability has been reported in Sophos Web Appliance. The vulnerability is due to errors in a change_password request when handling user input. A remote authenticated attacker could exploit this vulnerability by placing specially crafted data in a change_password request...
CVE-2014-2849
The CVE-2014-2849 issue affects Sophos Web Appliance (versions up to 3.8.1.x). A flaw in the Change Password dialog (change_password) allows remote authenticated users to change the admin password, potentially enabling privilege escalation. Red Hat confirms the vulnerability; ZDI and other adviso...
KLA10336 Multiple vulnerabilities in Sophos Web Appliance
Multiple critical vulnerabilities have been found in Sophos Web Appliance. Malicious users can exploit these vulnerabilities to execute arbitrary commands or change the admin password. Below is a complete list of vulnerabilities:
1. Vectors related to the netinterface configuration page can be exploit...
CVE-2014-2849
creationtimestamp| type| source
---|---|---
2014-04-10 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32789
2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sophoswpaifaceexec.rb
2025-02-06 03:13:41+00:00| seen...