CVE-2009-10005 ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode
ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...
CVE-2009-10005
ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution...
CVE-2023-33336
A reflected cross-site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows arbitrary code to be input via the double quote character...
CVE-2023-33336
CVE-2023-33336 affects Sophos Web Appliance v4.3.9.1. The vulnerability is a reflected cross-site scripting (XSS) flaw that allows input of arbitrary code via the double quote character. The NVD data lists a CVSSv3.1 base score of 4.8 (Medium) with Network attack vector, high privileges required,...
CVE-2023-20028
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance ESA; and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance WSA, could allow a remote...
Sophos Web Appliance 4.3.10.4 Command Injection
#!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...
CVE-2023-1671
CVE-2023-1671 affects Sophos Web Appliance older than 4.3.10.4, with a pre-auth command-injection in the warn-proceed handler that allows remote code execution. Public analyses and PoCs describe how user-supplied parameters flow to shell commands, enabling arbitrary code execution without authent...
Design/Logic Flaw
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked...
CVE-2022-20952
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked...
Cisco Secure Web Appliance Content Encoding Filter Bypass (cisco-sa-wsa-bypass-bwBfugek)
According to its self-reported version, the Cisco Secure Web Appliance is affected by a content encoding filter bypass vulnerability. An unauthenticated, remote attacker can exploit this, by sending malformed encoded traffic, to bypass an explicit block rule and receive traffic that...
Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance WSA, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient...
Speco Technologies Speco Web Viewer Path Traversal Vulnerability
Speco Technologies Speco Web Viewer is a web appliance from Speco Technologies, USA, acting as a channel web server. A security vulnerability exists in Speco Web Viewer 2021-05-12. The vulnerability allows an attacker to perform directory traversal via a GET request starting with a URI...
CVE-2020-3367
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...
CVE-2020-3367 Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...
Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)
Exploit Title: Sophos Web Appliance reporting JSON trafficType Remote Command Injection Vulnerability Date: 01/28/2017 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.3.0.2 Tested on: 4.3.0.2 CVE :...
Sophos Web Appliance 4.3.0.2 Remote Command Injection
Exploit Title: Sophos Web Appliance reporting JSON trafficType Remote Command Injection Vulnerability Date: 01/28/2017 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.3.0.2 Tested on: 4.3.0.2 CVE :...
Sophos Web Appliance < 4.3.2 FTP Redirect Page Reflected XSS
According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.2. It is, therefore, affected by a reflected cross-site scripting XSS vulnerability in the FTP redirect page ftpredirect.php due to improper validation of user-supplied inpu...
Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities
According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.1. It is, therefore, affected by multiple vulnerabilities : - A remote command injection vulnerability exists in the web administration interface in the...