Vulmon
Sophos Web Appliance vulnerabilities and exploits
6.5
CVSSv2
CVE-2017-6183
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
Sophos Web Appliance
6.5
CVSSv2
CVE-2017-6184
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
Sophos Web Appliance
5
CVSSv2
CVE-2013-2641
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance prior to 3.7.8.2 allows remote malicious users to read arbitrary files via the id parameter.
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
4.3
CVSSv2
CVE-2017-9523
The Sophos Web Appliance prior to 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
Sophos Web Appliance
4.3
CVSSv2
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote malicious users to i...
Sophos Cyberoam Cr100ing Utm Firmware 10.6.3 Mr-1 Build 503
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Build 378
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Mr-1 Build 383
4.3
CVSSv2
CVE-2013-2643
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance prior to 3.7.8.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to e...
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
4.3
CVSSv2
CVE-2008-0838
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
Sophos Es4000 2.1.0.0
Sophos Es1000 2.1.0.0
1 EDB exploit
NA
CVE-2023-33336
Reflected cross site scripting (XSS) vulnerability exists in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
Sophos Web Appliance 4.3.9.1
NA
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Sophos Web Appliance
5 GitHub repositories
NA
CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
Sophos Web Appliance