CVSS: 7.5EPSS: 12%CPEs: 2EXPL: 6CVE-2015-5452 – Watchguard XCS - Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-5452
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. Vulnerabilidad de inyección SQL en Watchguard XCS 9.2 y 10.0 anterior a build 150522 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de la cookie sid, tal y como fue demostrado por una solicitud a borderpost/imp/compose.php3. • https://www.exploit-db.com/exploits/38346 https://www.exploit-db.com/exploits/37440 http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html http://www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf http://www.securityfocus.com/bid/75516 http://www.watchguard.com/support • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 4CVE-2015-5453 – Watchguard XCS - Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-5453
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. Watchguard XCS 9.2 y 10.0 en versiones anteriores a build 150522 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacarácteres de shell en el paramétro id en ADMIN/mailqueue.spl. • https://www.exploit-db.com/exploits/38346 http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html http://www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf http://www.securityfocus.com/bid/75516 http://www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_No • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2011-2165 – Watchguard XCS 10.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-2165
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. La implementación de STARTTLS en WatchGuard XCS v9.0 y v9.1 no restringe de forma correcta el búfer de I/O, lo que permite que mediante ataques de "hombre en medio", se inserten comandos el las sesiones SMTP cifradas, enviando un comando en texto plano, que es procesado después de TLS en su lugar, en relación a una " inyección de comandos de texto claro " ataque, un problema similar a CVE-2011-0411. • https://www.exploit-db.com/exploits/37440 http://secunia.com/advisories/44753 http://www.kb.cert.org/vuls/id/555316 http://www.kb.cert.org/vuls/id/MAPG-8D9M75 http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_1_1/EN_ReleaseNotes_WG_XCS_9_1_TLS_Hotfix.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/67729 • CWE-264: Permissions, Privileges, and Access Controls •