
CVSS: 5.0 | EPSS: 6% | CPEs: 1 | EXPL: 0

Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization.

References:
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059092.html
• http://mrhinkydink.blogspot.com/2007/12/websense-policy-filtering-bypass.html
• http://secunia.com/advisories/28026
• http://www.securityfocus.com/archive/1/485032/100/0/threaded
• http://www.securityfocus.com/archive/1/485033/100/0/threaded
• http://www.securitytracker.com/id?1019094
• http://www.vupen.com/english/advisories/2007/4210
• http://www.websense.com/SupportPortal/SupportKbs/976.aspx
• https://exchange.xforce.ib

CVSS: 4.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.

References:
• http://secunia.com/advisories/28019
• http://securityreason.com/securityalert/3432
• http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability
• http://www.securityfocus.com/archive/1/484824/100/0/threaded
• http://www.securityfocus.com/bid/26793
• http://www.securitytracker.com/id?1019066
• http://www.vupen.com/english/advisories/2007/4158
• http://www.websense.com/SupportPortal/SupportKbs/1840.aspx
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38936

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')