Computer Security
[EN] securityvulns.ru no-pyccku


Sophos Web Protection Appliance code execution
Published:11.09.2013
Source:
SecurityVulns ID:13285
Type:remote
Threat Level:
6/10
Description:Few command injections.
Affected:SOPHOS : Sophos Web Appliance 3.8
CVE:CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.)
 CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities (11.09.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod