5 results (0.011 seconds)

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate. Clearswift MIMEsweeper para Web antes de 5.1.15 Hotfix permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo .RAR encriptado archivado, lo que dispara un error de escaneado y provoca que termine el servicio de Web Policy Engine (Motor de Política Web). • http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm http://secunia.com/advisories/20998 http://www.vupen.com/english/advisories/2006/2731 https://exchange.xforce.ibmcloud.com/vulnerabilities/27643 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Clearswift MIMEsweeper for Web versiones anteriores a 5.1.15 Hotfix, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la URL, se ve reflejado en un mensaje de error cuando se intenta acceder a un sitio web bloqueado. • http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm http://marc.info/?l=full-disclosure&m=115249298204354&w=2 http://marc.info/?l=full-disclosure&m=115253320721404&w=2 http://marc.info/?l=full-disclosure&m=115253898206225&w=2 http://secunia.com/advisories/20998 http://securitytracker.com/id?1016454 http://www.securityfocus.com/archive/1/439641/100/0/threaded http://www.securityfocus.com/archive/1/440140/100/0/threaded http://www.securityfocus.com/bid&#x •

CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 1

Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file. • http://www.digitalarmaments.com/2005161283546323.html http://www.securityfocus.com/archive/1/419904/100/0/threaded http://www.securityfocus.com/bid/15982 https://exchange.xforce.ibmcloud.com/vulnerabilities/23867 •

CVSS: 4.3EPSS: 5%CPEs: 4EXPL: 0

Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted". • http://download.mimesweeper.com/www/TechnicalDocumentation/MSWSMTP505UpdateReadMe.htm http://secunia.com/advisories/13160 http://www.osvdb.org/11602 http://www.securityfocus.com/bid/11669 https://exchange.xforce.ibmcloud.com/vulnerabilities/18035 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2

Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. • http://marc.info/?l=bugtraq&m=109224211512029&w=2 http://marc.info/?l=bugtraq&m=109225567212978&w=2 http://packetstormsecurity.nl/0408-exploits/clearswift.txt http://secunia.com/advisories/12273 http://www.securityfocus.com/bid/10918 https://exchange.xforce.ibmcloud.com/vulnerabilities/16960 •