Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos web appliance - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Sophos Web Appliance
5 Github repositories
9.8
CVSSv3
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS prior to 10.6.6 MR-6 allows remote malicious users to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Sophos Cyberoamos 10.6.6
Sophos Cyberoamos
9.8
CVSSv3
CVE-2017-6182
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
Sophos Web Appliance
1 EDB exploit
8.1
CVSSv3
CVE-2017-6412
In Sophos Web Appliance (SWA) prior to 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
Sophos Web Appliance
1 EDB exploit
7.2
CVSSv3
CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
Sophos Web Appliance
7.2
CVSSv3
CVE-2017-6183
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
Sophos Web Appliance
7.2
CVSSv3
CVE-2016-9553
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP ...
Sophos Web Appliance 4.2.1.3
1 EDB exploit
7.2
CVSSv3
CVE-2016-9554
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the compone...
Sophos Web Appliance 4.2.1.3
1 EDB exploit
6.1
CVSSv3
CVE-2017-9523
The Sophos Web Appliance prior to 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
Sophos Web Appliance
6.1
CVSSv3
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote malicious users to i...
Sophos Cyberoam Cr100ing Utm Firmware 10.6.3 Mr-1 Build 503
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Mr-1 Build 383
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Build 378
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »