CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4646
https://notcve.org/view.php?id=CVE-2008-4646
The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database. El Websense Reporter Module en Websense Enterprise v6.3.2 almacena la contraseña de administrador de la base de datos SQL en texto plano en CreateDbInstall.log, lo que permite a usuarios locales obtener privilegios en la base de datos. • http://secunia.com/advisories/32264 http://www.securityfocus.com/bid/31746 http://www.securitytracker.com/id?1021058 http://www.vupen.com/english/advisories/2008/2819 http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt • CWE-255: Credentials Management Errors •
CVSS: 5.0EPSS: 6%CPEs: 1EXPL: 0CVE-2007-6511
https://notcve.org/view.php?id=CVE-2007-6511
Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization. Websense Enterprise 6.3.1 permite a atacantes remotos evitar el filtrado de contenido a través de la visita de URLs http con una cabecera (1) RealPlayer G2, (2) MSMSGS, o (3) StoneHttpAgent User-Agent, la cual deriva en una categorización No-HTTP. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059092.html http://mrhinkydink.blogspot.com/2007/12/websense-policy-filtering-bypass.html http://secunia.com/advisories/28026 http://www.securityfocus.com/archive/1/485032/100/0/threaded http://www.securityfocus.com/archive/1/485033/100/0/threaded http://www.securitytracker.com/id?1019094 http://www.vupen.com/english/advisories/2007/4210 http://www.websense.com/SupportPortal/SupportKbs/976.aspx https://exchange.xforce.ib •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2007-6312
https://notcve.org/view.php?id=CVE-2007-6312
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field. Vulnerabilidad de secuencia de comandos en sitios cruzaods (XSS) en la página de entrada en el portal Web Reporting Tools en Websense Enterprise y Web Security Suite 6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo username. • http://secunia.com/advisories/28019 http://securityreason.com/securityalert/3432 http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability http://www.securityfocus.com/archive/1/484824/100/0/threaded http://www.securityfocus.com/bid/26793 http://www.securitytracker.com/id?1019066 http://www.vupen.com/english/advisories/2007/4158 http://www.websense.com/SupportPortal/SupportKbs/1840.aspx https://exchange.xforce.ibmcloud.com/vulnerabilities/38936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2035
https://notcve.org/view.php?id=CVE-2006-2035
Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL. • http://www.osvdb.org/25211 http://www.securityfocus.com/archive/1/431600/100/0/threaded http://www.securityfocus.com/archive/1/431685/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/25980 •