sophos web appliance - vulnerabilities and exploits
10
CVSSv2
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS prior to 10.6.6 MR-6 allows remote malicious users to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Sophos Cyberoamos 10.6.6
Sophos Cyberoamos
10
CVSSv2
CVE-2013-4983
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance prior to 3.7.9.1 and 3.8 prior to 3.8.1.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Sophos Web Appliance Firmware 3.0.1
Sophos Web Appliance Firmware 3.0.1.1
Sophos Web Appliance Firmware 3.0.2
Sophos Web Appliance Firmware 3.0.3
Sophos Web Appliance Firmware 3.2.3
Sophos Web Appliance Firmware 3.2.4
Sophos Web Appliance Firmware 3.2.5
Sophos Web Appliance Firmware 3.2.6
Sophos Web Appliance Firmware 3.2.7
Sophos Web Appliance Firmware 3.4.2
Sophos Web Appliance Firmware 3.4.3
Sophos Web Appliance Firmware 3.4.3.1
Sophos Web Appliance Firmware 3.4.4
Sophos Web Appliance Firmware 3.6.1
Sophos Web Appliance Firmware 3.6.1.1
Sophos Web Appliance Firmware 3.6.2
Sophos Web Appliance Firmware 3.6.2.1
Sophos Web Appliance Firmware 3.7.5
Sophos Web Appliance Firmware 3.7.6
Sophos Web Appliance Firmware 3.7.7
Sophos Web Appliance Firmware 3.7.8
Sophos Web Appliance Firmware 3.7.8.1
2 EDB exploits
9.3
CVSSv2
CVE-2013-2642
Sophos Web Appliance prior to 3.7.8.2 allows (1) remote malicious users to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execut...
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
9
CVSSv2
CVE-2016-9553
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP ...
Sophos Web Appliance 4.2.1.3
1 EDB exploit
9
CVSSv2
CVE-2016-9554
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the compone...
Sophos Web Appliance 4.2.1.3
1 EDB exploit
8.5
CVSSv2
CVE-2014-2849
The Change Password dialog box (change_password) in Sophos Web Appliance prior to 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Sophos Web Appliance Firmware 3.7.5
Sophos Web Appliance Firmware 3.7.4
Sophos Web Appliance Firmware 3.7.3
Sophos Web Appliance Firmware 3.7.2
Sophos Web Appliance Firmware 3.5.6
Sophos Web Appliance Firmware 3.5.5
Sophos Web Appliance Firmware 3.5.4
Sophos Web Appliance Firmware 3.5.3
Sophos Web Appliance Firmware 3.4.1
Sophos Web Appliance Firmware 3.4.0
Sophos Web Appliance Firmware 3.3.6.1
Sophos Web Appliance Firmware 3.3.6
Sophos Web Appliance Firmware 3.2.3
Sophos Web Appliance Firmware 3.2.2.1
Sophos Web Appliance Firmware 3.2.2
Sophos Web Appliance Firmware 3.2.1
Sophos Web Appliance Firmware 3.1.4
Sophos Web Appliance Firmware 3.0.0
Sophos Web Appliance Firmware 3.8.0
Sophos Web Appliance Firmware 3.7.9.1
Sophos Web Appliance Firmware 3.7.9
Sophos Web Appliance Firmware 3.7.8.2
1 EDB exploit
8.5
CVSSv2
CVE-2014-2850
The network interface configuration page (netinterface) in Sophos Web Appliance prior to 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Sophos Web Appliance Firmware 3.7.3
Sophos Web Appliance Firmware 3.7.2
Sophos Web Appliance Firmware 3.7.1
Sophos Web Appliance Firmware 3.7.0
Sophos Web Appliance Firmware 3.5.4
Sophos Web Appliance Firmware 3.5.3
Sophos Web Appliance Firmware 3.5.2
Sophos Web Appliance Firmware 3.5.1.2
Sophos Web Appliance Firmware 3.4.0
Sophos Web Appliance Firmware 3.3.6.1
Sophos Web Appliance Firmware 3.3.6
Sophos Web Appliance Firmware 3.3.5.1
Sophos Web Appliance Firmware 3.2.2
Sophos Web Appliance Firmware 3.2.1
Sophos Web Appliance Firmware 3.1.4
Sophos Web Appliance Firmware 3.1.3
Sophos Web Appliance Firmware 3.7.9
Sophos Web Appliance Firmware 3.7.8.2
Sophos Web Appliance Firmware 3.7.8.1
Sophos Web Appliance Firmware 3.7.8
Sophos Web Appliance Firmware 3.6.2.4.1
Sophos Web Appliance Firmware 3.6.2.4.0
1 EDB exploit
7.5
CVSSv2
CVE-2017-6182
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
Sophos Web Appliance
1 EDB exploit
7.2
CVSSv2
CVE-2013-4984
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance prior to 3.7.9.1 and 3.8 prior to 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Sophos Web Appliance 3.7.8.2
Sophos Web Appliance 3.7.8
Sophos Web Appliance 3.7.3
Sophos Web Appliance 3.7.1
Sophos Web Appliance 3.6.4.2
Sophos Web Appliance 3.6.2.4.0
Sophos Web Appliance 3.6.2.1
Sophos Web Appliance 3.5.3
Sophos Web Appliance 3.5.1.2
Sophos Web Appliance 3.4.5
Sophos Web Appliance 3.4.3.1
Sophos Web Appliance 3.3.6.1
Sophos Web Appliance 3.3.5.1
Sophos Web Appliance 3.3.0
Sophos Web Appliance 3.2.6
Sophos Web Appliance 3.1.4
Sophos Web Appliance 3.1.2
Sophos Web Appliance 3.0.5
Sophos Web Appliance 3.0.3
Sophos Web Appliance 3.7.7
Sophos Web Appliance 3.7.6
Sophos Web Appliance 3.7.5
2 EDB exploits
6.8
CVSSv2
CVE-2017-6412
In Sophos Web Appliance (SWA) prior to 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
Sophos Web Appliance
1 EDB exploit