4 matches found
Sophos Web Appliance 4.2.1.3 Remote Command Injection
Critical Start security expert Russell Sanford discovered and reported two critical zero-day vulnerabilities in the Sophos Web Appliance in December of 2016. The vulnerabilities, documented under CVE-2016-9553, allow the remote compromise of the appliance's underlining Linux subsystem. The...
CVE-2016-9553
CVE-2016-9553 — Sophos Web Appliance 4.2.1.3 is vulnerable to two remote command injection flaws in the web admin interface (MgrReport.php) where user-supplied values for unblockip and blockip are passed to shell_exec without proper escaping. An authenticated, remote attacker could exploit these ...
CVE-2016-9553
creationtimestamp| type| source ---|---|--- 2016-12-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41413...
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Exploit Title: Sophos Web Appliance UnBlock/Block-IP Remote Command Injection Vulnerablity Date: 12/12/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.2.1.3 Tested on: 4.2.1.3 CVE : CVE-2016-955...