4 matches found

Packet Storm
added 2017/01/31 12:0 a.m., 112 views

Sophos Web Appliance 4.2.1.3 Remote Command Injection

Critical Start security expert Russell Sanford discovered and reported two critical zero-day vulnerabilities in the Sophos Web Appliance in December of 2016. The vulnerabilities, documented under CVE-2016-9553, allow the remote compromise of the appliance's underlying Linux subsystem. The...

AI score: 0.5 | EPSS: 0.19312
Exploits: 6
CVE
added 2017/01/28 12:38 p.m., 60 views

CVE-2016-9553

CVE-2016-9553 — Sophos Web Appliance 4.2.1.3 is vulnerable to two remote command injection flaws in the web admin interface (MgrReport.php) where user-supplied values for unblockip and blockip are passed to shell_exec without proper escaping. An authenticated, remote attacker could exploit these ...

CVSS: 9 | AI score: 7.3 | EPSS: 0.19312
Exploits: 6 | References: 4 | Affected Software: 1
Circl
added 2016/12/12 12:0 a.m., 34 views

CVE-2016-9553

creationtimestamp | type | source
---|---|---
2016-12-12 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41413...

CVSS: 9 | AI score: 6.8 | EPSS: 0.19312
Exploits: 6 | References: 1
Exploit DB
added 2016/12/12 12:0 a.m., 35 views

Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)

Exploit Title: Sophos Web Appliance UnBlock/Block-IP Remote Command Injection Vulnerability
Date: 12/12/2016
Exploit Author: xort @ Critical Start
Vendor Homepage: www.sophos.com
Software Link: sophos.com/en-us/products/secure-web-gateway.aspx
Version: 4.2.1.3
Tested on: 4.2.1.3
CVE : CVE-2016-955...

CVSS: 9 | AI score: 7 | EPSS: 0.19312
Exploits: 6