cbcvebase.

Sophos Web Appliance Firmware vulnerabilities

6 known vulnerabilities affecting sophos/web_appliance_firmware.

Total CVEs
6
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2013-4983P2CRITICALCVSS 10.0PoCv3.7.8≤ 3.7.9+74 more2013-09-10
CVE-2013-4983 [CRITICAL] CWE-78 CVE-2013-4983: The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 b The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
nvd
CVE-2014-2850P2HIGHCVSS 8.5PoCv3.7.8≤ 3.8.1.1+76 more2014-04-11
CVE-2014-2850 [HIGH] CWE-78 CVE-2014-2850: The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
nvd
CVE-2014-2849P2HIGHCVSS 8.5PoCv3.7.8≤ 3.8.1.1+76 more2014-04-11
CVE-2014-2849 [HIGH] CWE-264 CVE-2014-2849: The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
nvd
CVE-2013-2641P3MEDIUMCVSS 5.0PoC≤ 3.7.8.12014-03-18
CVE-2013-2641 [MEDIUM] CWE-22 CVE-2013-2641: Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remo Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
nvd
CVE-2013-2642P2CRITICALCVSS 9.3PoC≤ 3.7.8.12014-03-18
CVE-2013-2642 [CRITICAL] CWE-78 CVE-2013-2642: Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via sh Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Di
nvd
CVE-2013-2643P4MEDIUMCVSS 4.3PoC≤ 3.7.8.12014-03-18
CVE-2013-2643 [MEDIUM] CWE-79 CVE-2013-2643: Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow rem Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
nvd
Sophos Web Appliance Firmware vulnerabilities | cvebase