CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5148
https://notcve.org/view.php?id=CVE-2010-5148
Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Websense Web Security y Web Filter anteriores a v7.1 Hotfix 21 no fija el "flag" secure para la cookie de sesión Encrypted Session (SSL) en una sesión https, lo que facilita a atacantes remotos la captura de esta cookie interceptándola cuando se transmite dentro de una sesión http. • http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78342 •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2010-5146
https://notcve.org/view.php?id=CVE-2010-5146
The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files. El componente Remote Filtering en Websense Web Security y Web Filter v7.1 anterior a Hotfix 66 permite a usuarios locales eludir el filtrado por (1) el renombrado de WDC.exe o (2) borrar los ficheros del controlador. • http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78344 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2011-5102
https://notcve.org/view.php?id=CVE-2011-5102
The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. La interfaz web de informes de investigación en la consola de gestión TRITON en Websense Web Security v7.1 before Hotfix 109, v7.1.1 before Hotfix 06, v7.5 anterior al parche v78, 7.5.1 anterior al parche v12, 7.6 anterior al parche v24, y v7.6.2 anterior al parche v12; Web Filter; Web Security Gateway; y Web Security Gateway Anywhere permite a atacantes remotos ejecutar comandos a través de vectores no especificados. • http://www.websense.com/support/article/kbarticle/v7-1-1-About-Hotfix-06-for-Web-Security-Web-Filter-and-Web-Security-Gateway http://www.websense.com/support/article/kbarticle/v7-1-About-Hotfix-109-for-Websense-Web-Security-Web-Filter-and-Web-Security-Gateway http://www.websense.com/support/article/kbarticle/v7-5-1-About-Hotfix-12-for-Websense-Web-Security-Web-Filter-Web-Security-Gateway-and-Web-Security-Gateway-Anywhere http://www.websense.com/support/article/kbarticle/v7-5-About-Hotfix-78-for-Websense • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 1CVE-2012-4604
https://notcve.org/view.php?id=CVE-2012-4604
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. La consola de gestión de TRITON en Websense Web Security anterior a v7.6 Hotfix 24 permite a atacantes remotos saltarse la autenticación y leer informes arbitrarios a través de un campo uid manipulado, en conjunción con un campo userRoles manipulado, en una (cookie), como se demuestra por medio de una solicitud a explorer_wse/favorites.exe. • http://www.securityfocus.com/archive/1/522530 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2010-5145
https://notcve.org/view.php?id=CVE-2010-5145
The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI. El Servicio de Filtrado de Websense Web Security y Web Filter v6.3.1 anterior a Hotfix 136 y v7.x en Windows anterior a v7.1.1 permite a atacantes remotos provocar una denegación de servicio (corte del filtrado) a través de una secuencia manipulada de los caracteres de una URI. • http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •