6 matches found
CVE-2009-3748
Websense Web Administrator in Websense Personal Email Manager 7.1.x before Hotfix 4 and Websense Email Security 7.1 before Hotfix 4 contains multiple cross-site scripting (XSS) flaws. The vulnerabilities affect the Web Administrator component and allow remote attackers to inject arbitrary script/...
CVE-2009-5131
CVE-2009-5131 concerns the Receive Service in Websense Email Security prior to 7.1, where the blacklist fails to recognize domain extensions. This allows remote attackers to bypass access restrictions and send e-mail messages via an SMTP session. Documented by NVD and Red Hat with the same descri...
CVE-2012-4605
The Websense Email Security SMTP component (versions 6.1–7.3) defaults to enabling weak SSL ciphers in the SurfControl plc\SuperScout Email Filter\SMTP registry key, enabling potential information disclosure via network sniffing and brute-force of encrypted sessions. Websense provides a patch/hot...
CVE-2009-5121
Websense Email Security 7.1 prior to Hotfix 4 is vulnerable to bypassing the sender-based blacklist via the 8BITMIME EHLO keyword in the SMTP session. The root cause is the SMTP handling that permits 8BITMIME EHLO, enabling remote attackers to circumvent blacklist checks. The public description c...
CVE-2009-5122
The CVE-2009-5122 entry affects the Personal Email Manager component of Websense Email Security prior to version 7.2. The vulnerability enables remote attackers to disclose potentially sensitive information from the JBoss status page through an unspecified query. No explicit exploitation details,...
CVE-2009-5130
CVE-2009-5130 affects Websense Email Security’s Rules Service prior to 7.1. The issue is caused by processing an attachment with a crafted size, allowing remote attackers to trigger a denial-of-service (service crash). The connected documents do not provide exploitation details or a confirmed rem...