CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2013-3384
https://notcve.org/view.php?id=CVE-2013-3384
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579. El framework web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes v7.1.3-013, v7.5 antes de v7.5.0-838, y v7.7 antes de v7.7.0-550, dispositivos Email Security Appliance antes de v7.1.5-104, v7.3 antes de v7.3.2-026, v7.5 antes v7.5.2-203 y v7.6 antes v7.6.3-019, y dispositivos Content Security Management Appliance antes de v7.2.2-110, v7.7 antes de v7.7.0-213 y v7.8 y v7.9 antes de 7.9.1-102 permite a los usuarios remotos autenticados ejecutar código arbitrario a través de entrada de línea de comandos diseñado en una URL, también conocido como Bug ID CSCzv85726, CSCzv44633 y CSCzv24579. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-1162
https://notcve.org/view.php?id=CVE-2009-1162
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la página de login Spam Quarantine en Cisco IronPort AsyncOS anterior a v6.5.2 en las Series C, M y X, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro "referer". • http://osvdb.org/54884 http://secunia.com/advisories/34895 http://tools.cisco.com/security/center/viewAlert.x?alertId=18365 http://www.securityfocus.com/bid/35203 http://www.securitytracker.com/id?1022335 https://exchange.xforce.ibmcloud.com/vulnerabilities/50948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •