CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1901
https://notcve.org/view.php?id=CVE-2011-1901
The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. La interfaz web del correo web de Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anteriores en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1 y v6.2.0 permite a atacantes remotos eludir la autenticación a través de vectores no especificados. • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php http://www.kb.cert.org/vuls/id/790980 https://support.proofpoint.com/article.cgi?article_id=338413 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1905
https://notcve.org/view.php?id=CVE-2011-1905
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en módulos administrativos no especificados en Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anteriores en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1, y v6.2.0, permite a atacantes remotos secuestrar la autenticación de los administradores a través de vectores desconocidos. • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php http://www.kb.cert.org/vuls/id/790980 https://support.proofpoint.com/article.cgi?article_id=338413 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1902
https://notcve.org/view.php?id=CVE-2011-1902
Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en la interfaz web de Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anteriores en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1 y v6.2.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php http://www.kb.cert.org/vuls/id/790980 https://support.proofpoint.com/article.cgi?article_id=338413 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1903
https://notcve.org/view.php?id=CVE-2011-1903
SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Vulnerabilidad de inyección SQL en una función no especificada en Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anteriores en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1 y v6.2.0 permite a atacantes remotos ejecutar comandos SQL a través de vectores desconocidos. • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php http://www.kb.cert.org/vuls/id/790980 https://support.proofpoint.com/article.cgi?article_id=338413 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1904
https://notcve.org/view.php?id=CVE-2011-1904
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. Una función no especificada en la interfaz web de Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anterior en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1 y v6.2.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, relacionados con un problema de "inyección de comandos". • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php http://www.kb.cert.org/vuls/id/790980 https://support.proofpoint.com/article.cgi?article_id=338413 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •