CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 1CVE-2012-4604
https://notcve.org/view.php?id=CVE-2012-4604
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. La consola de gestión de TRITON en Websense Web Security anterior a v7.6 Hotfix 24 permite a atacantes remotos saltarse la autenticación y leer informes arbitrarios a través de un campo uid manipulado, en conjunción con un campo userRoles manipulado, en una (cookie), como se demuestra por medio de una solicitud a explorer_wse/favorites.exe. • http://www.securityfocus.com/archive/1/522530 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2012-4605
https://notcve.org/view.php?id=CVE-2012-4605
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. La configuración por defecto en el componente SMTP en Websense Email Security v6.1 hasta la v7.3 utiliza cifrado SSL débil en la clave de registro en "SurfControl plc\SuperScout Email Filter\SMTP", lo cual hace posible para un atacante remoto obtener información sensible por medio del pinchado de la red y la realización de un ataque por fuerza bruta contra los datos encriptados de la sesión. • http://www.securityfocus.com/bid/64758 http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments https://exchange.xforce.ibmcloud.com/vulnerabilities/78131 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2010-5145
https://notcve.org/view.php?id=CVE-2010-5145
The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI. El Servicio de Filtrado de Websense Web Security y Web Filter v6.3.1 anterior a Hotfix 136 y v7.x en Windows anterior a v7.1.1 permite a atacantes remotos provocar una denegación de servicio (corte del filtrado) a través de una secuencia manipulada de los caracteres de una URI. • http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5120
https://notcve.org/view.php?id=CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. La configuración por defecto de Apache Tomcat en Websense Manager en Websense Web Security v7.0 y Web Filter v7.0 permite conexiones con el puerto TCP 1812 de cualquier dirección IP de origen, lo que facilita a los atacantes remotos realizar ataques cross-site scripting (XSS) a través de texto UTF-7 a la página de error 404 de un servicio Proyect Woodstock en este puerto. • http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850 • CWE-16: Configuration •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3748 – Websense Email Security - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3748
Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, and (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp; the (7) Queue, (8) FileName, (9) IsolatedMessageID, and (10) ServerName parameters to actions/msgForwardToRiskFilter.asp and viewHeaders.asp in web/msgList/viewmsg/; and (11) the subject in an e-mail message that is held in a Queue. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Web Administrator en Websense Personal Email Manager v7.1 anteriores a Hotfix v4 y Email Security v7.1 anteriores a Hotfix v4 permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de los parámetros (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, y (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp; the (7) Queue, (8) FileName, (9) IsolatedMessageID, and (10) ServerName para actions/msgForwardToRiskFilter.asp y viewHeaders.asp en web/msgList/viewmsg/; y (11) el asunto en un mensaje de correo electrónico que se mantiene en una Queue. • https://www.exploit-db.com/exploits/9981 http://kb.websense.com/display/4/kb/article.aspx?aid=4786 http://secunia.com/advisories/37091 http://sotiriu.de/adv/NSOADV-2009-003.txt http://www.securityfocus.com/archive/1/507330/100/0/threaded http://www.securityfocus.com/bid/36741 http://www.vupen.com/english/advisories/2009/2987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •