CVE-2013-4983

Published: 10/09/2013 Updated: 09/10/2013
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance versions prior to 3.7.9.1, and 3.8 versions prior to 3.8.1.1, allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.

Vulnerable Product

sophos web_appliance_firmware 3.0.1

sophos web_appliance_firmware 3.0.1.1

sophos web_appliance_firmware 3.0.2

sophos web_appliance_firmware 3.0.3

sophos web_appliance_firmware 3.2.3

sophos web_appliance_firmware 3.2.4

sophos web_appliance_firmware 3.2.5

sophos web_appliance_firmware 3.2.6

sophos web_appliance_firmware 3.2.7

sophos web_appliance_firmware 3.4.2

sophos web_appliance_firmware 3.4.3

sophos web_appliance_firmware 3.4.3.1

sophos web_appliance_firmware 3.4.4

sophos web_appliance_firmware 3.6.1

sophos web_appliance_firmware 3.6.1.1

sophos web_appliance_firmware 3.6.2

sophos web_appliance_firmware 3.6.2.1

sophos web_appliance_firmware 3.7.5

sophos web_appliance_firmware 3.7.6

sophos web_appliance_firmware 3.7.7

sophos web_appliance_firmware 3.7.8

sophos web_appliance_firmware 3.7.8.1

sophos web_appliance_firmware 3.0.0

sophos web_appliance_firmware 3.0.4

sophos web_appliance_firmware 3.0.5.1

sophos web_appliance_firmware 3.2.1

sophos web_appliance_firmware 3.2.2.1

sophos web_appliance_firmware 3.3.1

sophos web_appliance_firmware 3.3.3

sophos web_appliance_firmware 3.3.6

sophos web_appliance_firmware 3.4.0

sophos web_appliance_firmware 3.1.0.1

sophos web_appliance_firmware 3.1.1

sophos web_appliance_firmware 3.1.2

sophos web_appliance_firmware 3.1.3

sophos web_appliance_firmware 3.3.3.1

sophos web_appliance_firmware 3.3.4

sophos web_appliance_firmware 3.3.5

sophos web_appliance_firmware 3.3.5.1

sophos web_appliance_firmware 3.5.0

sophos web_appliance_firmware 3.5.1

sophos web_appliance_firmware 3.5.1.1

sophos web_appliance_firmware 3.5.1.2

sophos web_appliance_firmware 3.5.2

sophos web_appliance_firmware 3.6.4

sophos web_appliance_firmware 3.6.4.1

sophos web_appliance_firmware 3.6.4.2

sophos web_appliance_firmware 3.7.0

sophos web_appliance_firmware 3.4.6

sophos web_appliance_firmware 3.4.8

sophos web_appliance_firmware 3.5.4

sophos web_appliance_firmware 3.5.6

sophos web_appliance_firmware 3.6.2.3

sophos web_appliance_firmware 3.6.2.4.1

sophos web_appliance_firmware 3.7.2

sophos web_appliance_firmware 3.7.4

sophos web_appliance_firmware

sophos web_appliance_firmware 3.8.1

sophos web_appliance_firmware 3.0.5

sophos web_appliance_firmware 3.1.0

sophos web_appliance_firmware 3.1.4

sophos web_appliance_firmware 3.2.2

sophos web_appliance_firmware 3.3.0

sophos web_appliance_firmware 3.3.2

sophos web_appliance_firmware 3.3.6.1

sophos web_appliance_firmware 3.4.1

sophos web_appliance_firmware 3.4.5

sophos web_appliance_firmware 3.4.7

sophos web_appliance_firmware 3.5.3

sophos web_appliance_firmware 3.5.5

sophos web_appliance_firmware 3.6.2.4.0

sophos web_appliance_firmware 3.6.3

sophos web_appliance_firmware 3.7.1

sophos web_appliance_firmware 3.7.3

sophos web_appliance_firmware 3.7.8.2

sophos web_appliance_firmware 3.8.0

Exploits

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Explo ...
Core Security - Corelabs Advisory corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. *Advisory Information* Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL: www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabi ...
Core Security Technologies Advisory - Sophos Web Protection Appliance versions 3.7.9 and earlier, 3.8.1, and 3.8.0 suffer from multiple OS command injection vulnerabilities ...