CVE-2015-2852
https://notcve.org/view.php?id=CVE-2015-2852
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.
References:
• http://www.kb.cert.org/vuls/id/498348
• http://www.securityfocus.com/bid/74921
• https://bto.bluecoat.com/security-advisory/sa96
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-0937
https://notcve.org/view.php?id=CVE-2015-0937
Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References:
• http://www.kb.cert.org/vuls/id/274244
• https://bto.bluecoat.com/security-advisory/sa94
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0938
https://notcve.org/view.php?id=CVE-2015-0938
search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter.
References:
• http://www.kb.cert.org/vuls/id/274244
• https://bto.bluecoat.com/security-advisory/sa94
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4515
https://notcve.org/view.php?id=CVE-2008-4515
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.
References:
• http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html
• http://seclists.org/fulldisclosure/2008/Oct/0070.html
• http://www.securityfocus.com/bid/31584
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45696
CWE-287: Improper Authentication
CVE-2007-2952
https://notcve.org/view.php?id=CVE-2007-2952
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.
References:
• http://secunia.com/advisories/25813
• http://secunia.com/secunia_research/2007-61/advisory
• http://secunia.com/secunia_research/2007-64/advisory
• http://www.securityfocus.com/archive/1/494975/100/0/threaded
• http://www.securityfocus.com/archive/1/494984/100/0/threaded
• http://www.securityfocus.com/bid/30463
• http://www.securityfocus.com/bid/30464
• http://www.securitytracker.com/id?1020587
• http://www.securitytracker.com/id?1020588
• http://www.vupen.com/english/advisories/2008/2263/r
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer