CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2770
https://notcve.org/view.php?id=CVE-2015-2770
Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en la página de líneas de comandos en los dispositivos de la serie V de Websense TRITON anterior a 8.0.0 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2771
https://notcve.org/view.php?id=CVE-2015-2771
The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. Mail Server en Websense TRITON AP-EMAIL y dispositivos de la serie V anterior a 8.0.0 utiliza credenciales de texto plano, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/73428 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9712
https://notcve.org/view.php?id=CVE-2014-9712
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. Accesorios Websense TRITON V-Series en versiones anteriores a 7.8.3 Hotfix 03 y 7.8.4 en versiones anteriores a Hotfix 01 permiten a administradores remotos leer archivos arbitrarios y obtener contraseñas a través de una ruta manipulada. • http://www.securityfocus.com/bid/73417 http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-03-for-V-Series-Appliance http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-V-Series-Appliance • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2772
https://notcve.org/view.php?id=CVE-2015-2772
SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. SVM en los dispositivos de la serie V de Websense TRITON anterior a 8.0.0 permite a atacantes subir ficheros arbitrarios a través de vectores no especifcados. • http://www.securityfocus.com/bid/73439 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2768
https://notcve.org/view.php?id=CVE-2015-2768
Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Websense TRITON AP-EMAIL anterior a 8.0.0 y los dispositivos de la serie V 7.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/73429 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •