CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1902
https://notcve.org/view.php?id=CVE-2011-1902
05 May 2011 — Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en la interfaz web de Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anteriores en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1 y v6.2.0 permite a atacantes re... • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1903
https://notcve.org/view.php?id=CVE-2011-1903
05 May 2011 — SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Vulnerabilidad de inyección SQL en una función no especificada en Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anteriores en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1 y v6.2.0 permite a ... • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1905
https://notcve.org/view.php?id=CVE-2011-1905
05 May 2011 — Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en módulos administrativos no especificados en Proofpoint Messaging Security Gateway v6.2.0.... • http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2357
https://notcve.org/view.php?id=CVE-2004-2357
31 Dec 2004 — The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database. • http://marc.info/?l=full-disclosure&m=107745676915297&w=2 •