17 matches found
CVE-2023-1671
CVE-2023-1671 affects Sophos Web Appliance older than 4.3.10.4, with a pre-auth command-injection in the warn-proceed handler that allows remote code execution. Public analyses and PoCs describe how user-supplied parameters flow to shell commands, enabling arbitrary code execution without authent...
CVE-2017-6412
CVE-2017-6412 affects Sophos Web Appliance (SWA) versions before 4.3.1.2, with a Session Fixation vulnerability (NSWA-1310) that can lead to session hijacking. Public references indicate exploitation in 4.3.1.1 and the issue being addressed in the SWA 4.3.1.2 release notes. The CVE entry and mult...
CVE-2013-2641
CVE-2013-2641 concerns Sophos Web Protection Appliance (patience.cgi) with a directory traversal vulnerability. Exploitation via the id parameter could allow an unauthenticated remote attacker to read arbitrary files on the affected appliance. Public references in connected documents indicate the...
CVE-2013-4984
The CVE-2013-4984 issue affects Sophos Web Protection Appliance: the close_connections() function in /opt/cma/bin/clear_keys.pl allows local privilege escalation via shell metacharacters in the second argument, on affected builds before 3.7.9.1 and 3.8 before 3.8.1.1. Root cause is improper escap...
CVE-2016-9553
CVE-2016-9553 — Sophos Web Appliance 4.2.1.3 is vulnerable to two remote command injection flaws in the web admin interface (MgrReport.php) where user-supplied values for unblockip and blockip are passed to shell_exec without proper escaping. An authenticated, remote attacker could exploit these ...
CVE-2016-9554
CVE-2016-9554 affects Sophos Web Appliance (Secure Web Gateway) before version 4.3.1. The vulnerability exists in the web admin interface via MgrDiagnosticTools.php, where diagnostic tests invoke wget and pass user-controlled input in the url parameter to executeCommand, which calls exec() withou...
CVE-2014-2850
CVE-2014-2850 affects Sophos Web Appliance: the netinterface (network interface configuration) page allows remote administrators to execute arbitrary shell commands via metacharacters in the address parameter, on affected versions prior to 3.8.2. Public references and feeds corroborate remote com...
CVE-2017-6184
In Sophos Web Appliance (SWA) versions before 4.3.1.2, the reports-generation interface is vulnerable to remote command injection through the token parameter (aka NSWA-1303). The root cause is improper input handling/sanitization in the reporting path, allowing an authenticated or network-exposed...
CVE-2023-33336
CVE-2023-33336 affects Sophos Web Appliance v4.3.9.1. The vulnerability is a reflected cross-site scripting (XSS) flaw that allows input of arbitrary code via the double quote character. The NVD data lists a CVSSv3.1 base score of 4.8 (Medium) with Network attack vector, high privileges required,...
CVE-2013-2642
Vulnerability : CVE-2013-2642 affects Sophos Web Protection Appliance (pre-3.7.8.2). The issue enables OS command injection in multiple contexts: (1) OS commands via the Block page when a customized template uses the client-ip variable, (2) commands via the Diagnostic Tools URL parameter, and (3)...
CVE-2013-2643
CVE-2013-2643 is a reflected XSS affecting Sophos Web Protection Appliance up to version 3.7.8.1 (fixed in 3.7.8.2). The vulnerability arises from improper sanitization in multiple web interfaces, allowing remote attackers to inject arbitrary script/HTML via: the xss parameter in rss.php, the msg...
CVE-2017-6183
In Sophos Web Appliance (SWA) versions prior to 4.3.1.2, CVE-2017-6183 describes a remote command injection vulnerability in the configuration utilities used for adding/detecting Active Directory servers. The issue arises from improper sanitization of input when managing AD-related settings, enab...
CVE-2022-4934
Sophos Web Appliance is affected by CVE-2022-4934. A post-auth command injection vulnerability resides in the exception wizard of Sophos Web Appliance versions prior to 4.3.10.4, allowing an administrator to execute arbitrary commands. The underlying issue is described in PT-2023-2216 as a failur...
CVE-2017-6182
Affected product : Sophos Web Appliance (SWA) prior to version 4.3.1.2. Vulnerability : Remote command injection in the reporting UI, via functions related to report generation (NSWA-1304). Impact : Unauthenticated/remote attacker could inject commands through the reporting component; severity is...
CVE-2020-36692
CVE-2020-36692 affects Sophos Web Appliance prior to 4.3.10.4. The issue is a reflected XSS in the report scheduler via a crafted POST form, requiring the victim to submit the form while logged in to SWA. This can allow execution of JavaScript in the victim’s browser. Mitigation: upgrade to 4.3.1...
CVE-2014-2849
The CVE-2014-2849 issue affects Sophos Web Appliance (versions up to 3.8.1.x). A flaw in the Change Password dialog (change_password) allows remote authenticated users to change the admin password, potentially enabling privilege escalation. Red Hat confirms the vulnerability; ZDI and other adviso...
CVE-2017-9523
The vulnerability CVE-2017-9523 affects Sophos Web Appliance prior to 4.3.2. It is a reflected cross-site scripting (XSS) issue in the FTP redirect page (ftp_redirect.php) caused by improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this via crafted reques...