Sophos Web Appliance 4.2.1.3 Remote Command Execution Exploit

Exploit for linux platform in category remote exploits Exploit Title: Sophos Web Appliance diagnostictools wget Remote Command Injection Vulnerablity Date: 12/12/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link:...

Sophos Web Appliance 4.2.1.3 Remote Command Execution

Exploit Title: Sophos Web Appliance diagnostictools wget Remote Command Injection Vulnerablity Date: 12/12/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.2.1.3 Tested on: 4.2.1.3 CVE :...

CVE-2016-9554

The Sophos Web Appliance Remote / Secure Web Gateway server version 4.2.1.3 is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php /controllers/MgrDiagnosticTools.php, in the component responsible for...

CVE-2016-9554

CVE-2016-9554 affects Sophos Web Appliance (Secure Web Gateway) before version 4.3.1. The vulnerability exists in the web admin interface via MgrDiagnosticTools.php, where diagnostic tests invoke wget and pass user-controlled input in the url parameter to executeCommand, which calls exec() withou...

CVE-2016-9554

creationtimestamp| type| source ---|---|--- 2016-12-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41414...