12 results (0.011 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 96%CPEs: 1EXPL: 5

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Sophos Web Appliance version 4.3.10.4 suffers from a pre-authentication command injection vulnerability. Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. • https://www.exploit-db.com/exploits/51396 https://github.com/W01fh4cker/CVE-2023-1671-POC https://github.com/ohnonoyesyes/CVE-2023-1671 https://github.com/behnamvanda/CVE-2023-1671 http://packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. El producto Sophos Web Appliance versiones anteriores a 4.3.2, presenta un problema de tipo XSS en la página de redireccionamiento FTP, también se conoce como NSWA-1342. • http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html http://www.securityfocus.com/bid/99016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una sección de la interfaz de la máquina responsable de generar informes era vulnerable a la inyección de comandos remotos a través de funciones, vulnerabilidad también conocida como NSWA-1304. • https://www.exploit-db.com/exploits/42332 http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •