CVE-2010-5190
https://notcve.org/view.php?id=CVE-2010-5190
The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. La funcionalidad Active Content Transformation en Blue Coat ProxySG anterior a SGOS v4.3.4.2, v5.x anterior a SGOS v5.4.5.1, v5.5 anterior a SGOS v5.5.4.1, y v6.x anterior a SGOS v6.1.2.1 permite a atacantes remotos saltarse la detección JavaScript a través de entidades HTML. • https://kb.bluecoat.com/index?page=content&id=SA48 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-5124 – Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-5124
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp). Desbordamiento de búfer basado en pila en el componente BCAAA anterior a build 60258, cuando es usado por Blue Coat ProxySG v4.2.3 hasta v6.1 y ProxyOne, permite a atacantes remotos ejecutar código arbitrario a través de un paquete de gran tamaño en la sincronización con el puerto (16102/tcp). • https://www.exploit-db.com/exploits/17513 https://kb.bluecoat.com/index?page=content&id=SA55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1211
https://notcve.org/view.php?id=CVE-2009-1211
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Blue Coat ProxySG, cuando el modo de interceptación transparente está activado, usa la cabecera HTTP Host para determinar el "endpoint" (punto de finalización) remoto, lo que permite a atacantes remotos evitar los controles de acceso por Flash, Java, Silverlight y probablemente otras tecnologías, y posiblemente comunicarse con sitios de la intranet restringidos, a través de una página web manipulada que provoca que el cliente envíe peticiones HTTP con una cabecera Host modificada. • http://www.securitytracker.com/id?1021781 https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments • CWE-16: Configuration •
CVE-2008-5121 – Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM
https://notcve.org/view.php?id=CVE-2008-5121
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a través de una petición DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\.\DNE . • https://www.exploit-db.com/exploits/5837 http://secunia.com/advisories/30728 http://secunia.com/advisories/30744 http://secunia.com/advisories/30747 http://secunia.com/advisories/30753 http://securityreason.com/securityalert/4600 http://support.citrix.com/article/CTX117751 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860 http://www.digit-labs.org/files/exploits/dne2000-call.c http://www.kb.cert.org/vuls/id/858993 http://www • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4485
https://notcve.org/view.php?id=CVE-2008-4485
Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en "ICAP patience page" (XSS) en Blue Coat Security Gateway OS (SGOS) 4.2 y versiones anteriores a 4.2.9, 5.2 y versiones anteriores a 5.2.5, y 5.3 y versiones anteriores a 5.3.1.7, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de URL. • http://marc.info/?l=bugtraq&m=122210321731789&w=2 http://marc.info/?l=bugtraq&m=122298544725313&w=2 http://secunia.com/advisories/32122 http://securityreason.com/securityalert/4367 http://www.bluecoat.com/support/securityadvisories/icap_patience http://www.securityfocus.com/bid/31543 http://www.securitytracker.com/id?1020979 http://www.vupen.com/english/advisories/2008/2739 https://exchange.xforce.ibmcloud.com/vulnerabilities/45625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •