CVE-2014-2849
- EPSS 73.24%
- Veröffentlicht 11.04.2014 15:55:27
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CVE-2014-2850
- EPSS 75.72%
- Veröffentlicht 11.04.2014 15:55:27
- Zuletzt bearbeitet 12.04.2025 10:46:40
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
- EPSS 81.82%
- Veröffentlicht 18.03.2014 17:02:51
- Zuletzt bearbeitet 12.04.2025 10:46:40
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
CVE-2013-2642
- EPSS 18.09%
- Veröffentlicht 18.03.2014 17:02:51
- Zuletzt bearbeitet 12.04.2025 10:46:40
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authent...
CVE-2013-2643
- EPSS 0.68%
- Veröffentlicht 18.03.2014 17:02:51
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php...
- EPSS 92.72%
- Veröffentlicht 10.09.2013 11:28:40
- Zuletzt bearbeitet 11.04.2025 00:51:21
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.