Skip to main content

Web Appliance Firmware

6 CVEs product

Monthly

CVE-2014-2850 HIGH POC THREAT Act Now

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.7%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
75.7%
Threat
5.5
CVE-2014-2849 HIGH POC THREAT Act Now

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Sophos Privilege Escalation Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
76.5%
Threat
5.5
CVE-2013-2643 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos PHP Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-2642 CRITICAL POC THREAT Emergency

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
12.0%
CVE-2013-2641 MEDIUM POC THREAT This Month

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Path Traversal Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
82.3%
Threat
5.0
CVE-2013-4983 CRITICAL POC THREAT Emergency

The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

PHP Command Injection Web Appliance Firmware
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
92.7%
Threat
6.3
EPSS 76% 5.5 CVSS 8.5
HIGH POC THREAT Act Now

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.7%.

Command Injection Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 76% 5.5 CVSS 8.5
HIGH POC THREAT Act Now

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Sophos Privilege Escalation Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos PHP +2
NVD Exploit-DB VulDB
EPSS 12% CVSS 9.3
CRITICAL POC THREAT Emergency

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Command Injection Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 82% 5.0 CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Path Traversal Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 93% 6.3 CVSS 10.0
CRITICAL POC THREAT Emergency

The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

PHP Command Injection Web Appliance Firmware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy