CVE-2015-2768
https://notcve.org/view.php?id=CVE-2015-2768
Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Websense TRITON AP-EMAIL anterior a 8.0.0 y los dispositivos de la serie V 7.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/73429 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-2766
https://notcve.org/view.php?id=CVE-2015-2766
The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. Personal Email Manager (PEM) en Websense TRITON AP-EMAIL anterior a 8.0.0 permite a atacantes remotos tener un impacto no especificado a través de un ataques de fuerza bruta. • http://www.securityfocus.com/bid/73426 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-255: Credentials Management Errors •
CVE-2015-2748
https://notcve.org/view.php?id=CVE-2015-2748
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. Websense TRITON AP-WEB anterior a 8.0.0 no restringe correctamente el acceso a ficheros en explorer_wse/, lo que permite a atacantes remotos obtener información sensible a través de una solicitud directa a (1) un informe de incidentes de Web Security o (2) el fichero de configuración de Explorer (websense.ini). • http://packetstormsecurity.com/files/130901/Websense-Explorer-Missing-Access-Control.html http://seclists.org/fulldisclosure/2015/Mar/107 http://www.securityfocus.com/archive/1/534913/100/0/threaded http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 https://www.securify.nl/advisory/SFY20140909/missing_access_control_on_websense_explorer_web_folder.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-2702
https://notcve.org/view.php?id=CVE-2015-2702
Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. Vulnerabilidad de XSS en el registro de mensajes en el componente Email Security Gateway en Websense TRITON AP-EMAIL anterior a 8.0.0 y las aplicaciones de la serie V 7.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de la dirección de envío en un email. • http://packetstormsecurity.com/files/130898/Websense-Email-Security-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Mar/103 http://www.securityfocus.com/archive/1/534909/100/0/threaded http://www.securityfocus.com/bid/73345 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 https://www.securify.nl/advisory/SFY20140905/websense_email_security_vulnerable_to_persistent_cross_site_scripting_in_audit_log_details_view.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •