CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2010-5191
https://notcve.org/view.php?id=CVE-2010-5191
Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device. Múltiples vulnerabilidades de solicitudes falsificadas en sitios cruzados (CSRF) en Blue Coat ProxyAV appliance anterior a v3.2.6.1 permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes de (1) cambio de contraseña, (2) modificación de una política, o (3) reinicio del dispositivo. • https://kb.bluecoat.com/index?page=content&id=SA46 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-5125
https://notcve.org/view.php?id=CVE-2011-5125
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Blue Coat Director anterior a v5.5.2.3 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores que están relacionados con el método HTTP TRACE. • https://kb.bluecoat.com/index?page=content&id=SA62 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 31EXPL: 0CVE-2009-1211
https://notcve.org/view.php?id=CVE-2009-1211
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Blue Coat ProxySG, cuando el modo de interceptación transparente está activado, usa la cabecera HTTP Host para determinar el "endpoint" (punto de finalización) remoto, lo que permite a atacantes remotos evitar los controles de acceso por Flash, Java, Silverlight y probablemente otras tecnologías, y posiblemente comunicarse con sitios de la intranet restringidos, a través de una página web manipulada que provoca que el cliente envíe peticiones HTTP con una cabecera Host modificada. • http://www.securitytracker.com/id?1021781 https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments • CWE-16: Configuration •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2008-5121 – Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM
https://notcve.org/view.php?id=CVE-2008-5121
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a través de una petición DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\.\DNE . • https://www.exploit-db.com/exploits/5837 http://secunia.com/advisories/30728 http://secunia.com/advisories/30744 http://secunia.com/advisories/30747 http://secunia.com/advisories/30753 http://securityreason.com/securityalert/4600 http://support.citrix.com/article/CTX117751 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860 http://www.digit-labs.org/files/exploits/dne2000-call.c http://www.kb.cert.org/vuls/id/858993 http://www&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-4485
https://notcve.org/view.php?id=CVE-2008-4485
Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en "ICAP patience page" (XSS) en Blue Coat Security Gateway OS (SGOS) 4.2 y versiones anteriores a 4.2.9, 5.2 y versiones anteriores a 5.2.5, y 5.3 y versiones anteriores a 5.3.1.7, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de URL. • http://marc.info/?l=bugtraq&m=122210321731789&w=2 http://marc.info/?l=bugtraq&m=122298544725313&w=2 http://secunia.com/advisories/32122 http://securityreason.com/securityalert/4367 http://www.bluecoat.com/support/securityadvisories/icap_patience http://www.securityfocus.com/bid/31543 http://www.securitytracker.com/id?1020979 http://www.vupen.com/english/advisories/2008/2739 https://exchange.xforce.ibmcloud.com/vulnerabilities/45625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •