6 matches found
OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection
Overview: OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability: OS command injection (CWE-78) - CVE-2026-31386. Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Sophos Firewall code injection vulnerability
Sophos Firewall is a firewall from Sophos UK. A code injection vulnerability exists in Sophos Firewall versions prior to 19.5 GA; it allows an administrator to execute code in Webadmin via code injection...
PT-2022-23706 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA Description: A post-auth code injection issue allows admins to execute code in the Webadmin of Sophos Firewall. This issue does not specify the estimated number of potentially affected devices worldwi...
PT-2022-13110 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 Description: An information disclosure issue in Webadmin allows an unauthenticated remote attacker to read the device serial number. Recommendations: For Sophos Firewall versions prior to v18.5 MR3,...
PT-2022-2444
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 18.5.3 Sophos XG Firewall version 17.0.10 MR-10 Description: An authentication bypass issue exists in the User Portal and Webadmin components of Sophos Firewall, potentially allowing a remote attacker...
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...