Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos web appliance - vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2017-6184
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
Sophos Web Appliance
6.5
CVSSv2
CVE-2017-6183
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
Sophos Web Appliance
5
CVSSv2
CVE-2013-2641
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance prior to 3.7.8.2 allows remote malicious users to read arbitrary files via the id parameter.
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
4.3
CVSSv2
CVE-2017-9523
The Sophos Web Appliance prior to 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
Sophos Web Appliance
4.3
CVSSv2
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote malicious users to i...
Sophos Cyberoam Cr100ing Utm Firmware 10.6.3 Mr-1 Build 503
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Mr-1 Build 383
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Build 378
4.3
CVSSv2
CVE-2013-2643
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance prior to 3.7.8.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to e...
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
4.3
CVSSv2
CVE-2008-0838
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
Sophos Es1000 2.1.0.0
Sophos Es4000 2.1.0.0
1 EDB exploit
NA
CVE-2023-33336
Reflected cross site scripting (XSS) vulnerability exists in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
Sophos Web Appliance 4.3.9.1
NA
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Sophos Web Appliance
5 Github repositories
NA
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
Sophos Web Appliance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »