
5 matches found

0day.today
added 2018/04/17 12:0 a.m., 88 views

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 Insecure Direct Object Reference Vulnerability

Exploit for jsp platform in category web applications. Exploit Title: Sophos Cyberoam UTM - Privilege Escalation; Date: 31/08/2016; Exploit Author: Chintan Gurjar Frogy; Vendor Homepage: http://www.sophos.com/ ; Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html ; Version: Cyberoam...

CVSS 9, EPSS 0.06984
Exploits: 3
Packet Storm
added 2018/04/16 12:0 a.m., 45 views

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 Insecure Direct Object Reference

Exploit Title: Sophos Cyberoam UTM - Privilege Escalation; Date: 31/08/2016; Exploit Author: Chintan Gurjar Frogy; Vendor Homepage: http://www.sophos.com/ ; Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html ; Version: Cyberoam CR25iNG - 10.6.3 MR-5; CVE: CVE-2016-7786; Category:...

CVSS 9, AI score 8.9, EPSS 0.06984
Exploits: 3
Exploit DB
added 2018/04/16 12:0 a.m., 52 views

Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference

Exploit Title: Sophos Cyberoam UTM - Privilege Escalation; Date: 31/08/2016; Exploit Author: Chintan Gurjar Frogy; Vendor Homepage: http://www.sophos.com/ ; Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html ; Version: Cyberoam CR25iNG - 10.6.3 MR-5; CVE: CVE-2016-7786; Category:...

CVSS 9, AI score 8.9, EPSS 0.06984
Exploits: 3
NVD
added 2017/04/07 9:59 p.m., 21 views

CVE-2016-7786

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5...

CVSS 9, AI score 8.3, EPSS 0.06984
Exploits: 3, References: 2
CVE
added 2017/04/07 9:0 p.m., 54 views

CVE-2016-7786

CVE-2016-7786 affects Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5. The vulnerability is an Insecure Direct Object Reference in Licenseinformation.jsp that allows remote authenticated users to bypass access controls. The issue stems from insufficient input handling in the Access Restriction component,...

CVSS 9, AI score 8.2, EPSS 0.06984
Exploits: 3, References: 2, Affected Software: 1