5 matches found
Sophos Web Appliance 4.2.1.3 Remote Command Injection
Critical Start security expert Russell Sanford discovered and reported two critical zero-day vulnerabilities in the Sophos Web Appliance in December of 2016. The vulnerabilities, documented under CVE-2016-9553, allow the remote compromise of the appliance's underlying Linux subsystem. The...
Command injection
The Sophos Web Appliance version 4.2.1.3 is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from...
CVE-2016-9553
The Sophos Web Appliance version 4.2.1.3 is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from...
CVE-2016-9553
CVE-2016-9553 — Sophos Web Appliance 4.2.1.3 is vulnerable to two remote command injection flaws in the web admin interface (MgrReport.php) where user-supplied values for unblockip and blockip are passed to shell_exec without proper escaping. An authenticated, remote attacker could exploit these ...
CVE-2016-9553
The Sophos Web Appliance version 4.2.1.3 is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from...