5 matches found
CVE-2013-3385
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance...
Cross-site scripting vulnerability
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. Ref 64563. This vulnerability has been assigned CVE-2014-3764. This issue affects the management interface of the device, whe...
CVE-2012-4597
Cross-site scripting XSS vulnerability in McAfee Email and Web Security EWS 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway MEG 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management...
CVE-2012-4580
Cross-site scripting XSS vulnerability in McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Managemen...
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 31091 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier. Work...