CVE-2011-5102
https://notcve.org/view.php?id=CVE-2011-5102
The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. La interfaz web de informes de investigación en la consola de gestión TRITON en Websense Web Security v7.1 before Hotfix 109, v7.1.1 before Hotfix 06, v7.5 anterior al parche v78, 7.5.1 anterior al parche v12, 7.6 anterior al parche v24, y v7.6.2 anterior al parche v12; Web Filter; Web Security Gateway; y Web Security Gateway Anywhere permite a atacantes remotos ejecutar comandos a través de vectores no especificados. • http://www.websense.com/support/article/kbarticle/v7-1-1-About-Hotfix-06-for-Web-Security-Web-Filter-and-Web-Security-Gateway http://www.websense.com/support/article/kbarticle/v7-1-About-Hotfix-109-for-Websense-Web-Security-Web-Filter-and-Web-Security-Gateway http://www.websense.com/support/article/kbarticle/v7-5-1-About-Hotfix-12-for-Websense-Web-Security-Web-Filter-Web-Security-Gateway-and-Web-Security-Gateway-Anywhere http://www.websense.com/support/article/kbarticle/v7-5-About-Hotfix-78-for-Websense • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4604
https://notcve.org/view.php?id=CVE-2012-4604
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. La consola de gestión de TRITON en Websense Web Security anterior a v7.6 Hotfix 24 permite a atacantes remotos saltarse la autenticación y leer informes arbitrarios a través de un campo uid manipulado, en conjunción con un campo userRoles manipulado, en una (cookie), como se demuestra por medio de una solicitud a explorer_wse/favorites.exe. • http://www.securityfocus.com/archive/1/522530 • CWE-287: Improper Authentication •