CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2771
https://notcve.org/view.php?id=CVE-2015-2771
The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. Mail Server en Websense TRITON AP-EMAIL y dispositivos de la serie V anterior a 8.0.0 utiliza credenciales de texto plano, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/73428 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2769
https://notcve.org/view.php?id=CVE-2015-2769
Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de CSRF en Personal Email Manager (PEM) en Websense TRITON AP-EMAIL anterior a 8.0.0 permiten a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9712
https://notcve.org/view.php?id=CVE-2014-9712
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. Accesorios Websense TRITON V-Series en versiones anteriores a 7.8.3 Hotfix 03 y 7.8.4 en versiones anteriores a Hotfix 01 permiten a administradores remotos leer archivos arbitrarios y obtener contraseñas a través de una ruta manipulada. • http://www.securityfocus.com/bid/73417 http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-03-for-V-Series-Appliance http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-V-Series-Appliance • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2772
https://notcve.org/view.php?id=CVE-2015-2772
SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. SVM en los dispositivos de la serie V de Websense TRITON anterior a 8.0.0 permite a atacantes subir ficheros arbitrarios a través de vectores no especifcados. • http://www.securityfocus.com/bid/73439 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2764
https://notcve.org/view.php?id=CVE-2015-2764
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. Múltiples vulnerabilidades de XSS en Websense TRITON AP-DATA anterior a 8.0.0 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados en el catálogo de informes de DSS (1) Mobile o (2) DLP. • http://www.securityfocus.com/bid/73424 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •