CVSS: 10.0EPSS: 92%CPEs: 77EXPL: 5CVE-2013-4983 – Sophos Web Protection Appliance - 'sblistpack' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2013-4983
07 Sep 2013 — The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. La función get_referers en /opt/ws/bin/sblistpack de Sophos Web Appliance anterior a 3.7.9.1 y 3.8 (anterior a 3.8.1.1) permite a un atacante remoto ejecutar comandos a discrección a través de metacaracteres shell en el parametro dominio de end-user/index.php Core Securit... • https://packetstorm.news/files/id/123259 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 6%CPEs: 76EXPL: 5CVE-2013-4984 – Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-4984
07 Sep 2013 — The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. La función close_connections en /opt/cma/bin/clear_keys.pl en Sophos Web Appliance anterior a v3.7.9.1 y v3.8 anterior a v3.8.1.1 permite a usuarios locales conseguir privilegios a través de metacaracteres de consola en el segundo argumento. Core Security Technologies Advisory - Sophos Web Protection ... • https://packetstorm.news/files/id/123262 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •