CVE-2015-0937
https://notcve.org/view.php?id=CVE-2015-0937
Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en search.php en el dispositivo Blue Coat Malware Analysis con software anterior a 4.2.4.20150312-RELEASE permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.kb.cert.org/vuls/id/274244 https://bto.bluecoat.com/security-advisory/sa94 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0938
https://notcve.org/view.php?id=CVE-2015-0938
search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter. search.php en el dispositivo Blue Coat Malware Analysis con software anterior a 4.2.4.20150312-RELEASE permite a atacantes remotos evadir las restricciones de acceso, y listar o leer documentos arbitrarios, mediante la provisión de palabras clave coincidentes en conjunto con un parámetro manipulado. • http://www.kb.cert.org/vuls/id/274244 https://bto.bluecoat.com/security-advisory/sa94 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •