CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2014-2385 – Sophos Antivirus 9.5.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-2385
26 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure. Múltiples vulnerabilidades de XSS en la interfaz de usuario web en Sophos Anti-Virus para Linux anterior... • http://packetstormsecurity.com/files/127228/Sophos-Antivirus-9.5.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 0CVE-2010-2308
https://notcve.org/view.php?id=CVE-2010-2308
16 Jun 2010 — Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function. Vulnerabilidad no especificada en el controlador de filtrado (savonaccessfilter.sys) en Sophos Anti-Virus anterior a v7.6.20, permite a usuarios locales elevar sus privilegios a través de argumentos manipulados en la función NtQueryAttributesFile. • http://dvlabs.tippingpoint.com/advisory/TPTI-10-03 •
CVSS: 7.5EPSS: 0%CPEs: 168EXPL: 0CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
15 Apr 2010 — F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client S... • http://secunia.com/advisories/39396 •
CVSS: 6.8EPSS: 0%CPEs: 19EXPL: 0CVE-2009-1782
https://notcve.org/view.php?id=CVE-2009-1782
22 May 2009 — Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. Múltiples productos antivirus F-Secure, incluidos: Anti-Virus for Microsoft Exchange v7.10 y anteriores... • http://secunia.com/advisories/35008 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4512
https://notcve.org/view.php?id=CVE-2007-4512
10 Sep 2007 — Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. Una vulnerabilidad de tipo cross-site scripting (XSS) en Sophos Anti-Virus para Windows versiones 6.x anteriores a 6.5.8 y versiones 7.x anteriores a 7.0.1, permite a atacantes remotos ... • http://osvdb.org/37527 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •