WatchGuard XCS vulnerabilities
3 known vulnerabilities affecting watchguard/xcs.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2015-5453 | P2 | MEDIUM | CVSS 6.5 | CWE-77 | PoC | v9.2, v10.0 | 2015-07-08
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
nvd
CVE-2015-5452 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v9.2, v10.0 | 2015-07-08
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
nvd
CVE-2011-2165 | P3 | MEDIUM | CVSS 6.8 | PoC | v9.0, v9.1 | 2011-05-23
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
nvd