CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2010-5190
https://notcve.org/view.php?id=CVE-2010-5190
26 Aug 2012 — The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. La funcionalidad Active Content Transformation en Blue Coat ProxySG anterior a SGOS v4.3.4.2, v5.x anterior a SGOS v5.4.5.1, v5.5 anterior a SGOS v5.5.4.1, y v6.x anterior a SGOS v6.1.2.1 permite a atacantes remotos saltarse la detección JavaScript a través de entidades... • https://kb.bluecoat.com/index?page=content&id=SA48 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2010-5191
https://notcve.org/view.php?id=CVE-2010-5191
26 Aug 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device. Múltiples vulnerabilidades de solicitudes falsificadas en sitios cruzados (CSRF) en Blue Coat ProxyAV appliance anterior a v3.2.6.1 permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes de (1) cambio de... • https://kb.bluecoat.com/index?page=content&id=SA46 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 52EXPL: 0CVE-2010-5192
https://notcve.org/view.php?id=CVE-2010-5192
26 Aug 2012 — Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Java Management Console en Blue Coat ProxySG anterior a SGOS v4.3.4.1, v5.x anterior a SGOS v5.4.5.1, v5.5 anterior a SGOS v5.5.4.1, y v6.x anterior a SGOS v6.1.1.1... • http://secunia.com/advisories/41695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 70%CPEs: 13EXPL: 1CVE-2011-5124 – Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-5124
26 Aug 2012 — Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp). Desbordamiento de búfer basado en pila en el componente BCAAA anterior a build 60258, cuando es usado por Blue Coat ProxySG v4.2.3 hasta v6.1 y ProxyOne, permite a atacantes remotos ejecutar código arbitrario a través de un paquete de gran tamaño en la sincronización co... • https://www.exploit-db.com/exploits/17513 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-5125
https://notcve.org/view.php?id=CVE-2011-5125
26 Aug 2012 — Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Blue Coat Director anterior a v5.5.2.3 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores que están relacionados con el método HTTP TRACE. • https://kb.bluecoat.com/index?page=content&id=SA62 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2011-5126
https://notcve.org/view.php?id=CVE-2011-5126
26 Aug 2012 — Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file. Blue Coat ProxySG v6.1 anterior a SGOS v6.1.5.1 y a v6.2.2.1 6.2 escribe el montón segura de las imágenes centrales, lo que permite a atacantes dependientes de contexto para obtener información confidencial de autenticación mediante el aprovechamiento de acceso ... • https://kb.bluecoat.com/index?page=content&id=SA56 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 33%CPEs: 5EXPL: 1CVE-2011-5127 – Blue Coat Reporter - Directory Traversal
https://notcve.org/view.php?id=CVE-2011-5127
26 Aug 2012 — Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request. Vulnerabilidad de ejecución directorio transversal en Blue Coat Reporter v9.x anterior v9.2.4.13, v9.2.5.x anterior a v9.2.5.1, y v9.3 anterior a v9.3.1.2 en Windows permite a atacantes remotos leer ficheros arbitrarios, y consecuentemente ejecutar códig... • https://www.exploit-db.com/exploits/17883 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 31EXPL: 0CVE-2009-1211
https://notcve.org/view.php?id=CVE-2009-1211
01 Apr 2009 — Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Blue Coat ProxySG, cuando el modo de interceptación transparente está activado, usa la cabecera HTTP Host para dete... • http://www.securitytracker.com/id?1021781 • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2008-5121 – Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM
https://notcve.org/view.php?id=CVE-2008-5121
18 Nov 2008 — dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet Soft... • https://www.exploit-db.com/exploits/5837 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-4485
https://notcve.org/view.php?id=CVE-2008-4485
08 Oct 2008 — Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en "ICAP patience page" (XSS) en Blue Coat Security Gateway OS (SGOS) 4.2 y versiones anteriores a 4.2.9, 5.2 y versiones anteriores a 5.2.5, y 5.3 y versiones anteriores a 5.3.1.7, que permite a l... • http://marc.info/?l=bugtraq&m=122210321731789&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •