6 matches found
OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection
Overview: OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability: OS command injection (CWE-78) - CVE-2026-31386. Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
PT-2022-23706 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA Description: A post-auth code injection issue allows admins to execute code in the Webadmin of Sophos Firewall. This issue does not specify the estimated number of potentially affected devices worldwi...
Sophos Firewall code injection vulnerability
Sophos Firewall is a firewall from Sophos UK. A code injection vulnerability exists in versions prior to Sophos Firewall 19.5 GA, which stems from an administrator being able to execute code in Webadmin via code injection...
PT-2022-13110 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 Description: An information disclosure issue in Webadmin allows an unauthenticated remote attacker to read the device serial number. Recommendations: For Sophos Firewall versions prior to v18.5 MR3,...
PT-2022-2444
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 18.5.3; Sophos XG Firewall version 17.0.10 MR-10 Description: An authentication bypass issue exists in the User Portal and Webadmin components of Sophos Firewall, potentially allowing a remote attacker...
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...