6 results (0.007 seconds)

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Aug 2012 — The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. • http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Aug 2012 — The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size. • http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

23 Aug 2012 — The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. • http://www.securityfocus.com/bid/64758 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Aug 2012 — The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query. • http://www.websense.com/content/support/library/email/v72wes/release_notes/WES72_ReleaseNotes.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Aug 2012 — Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session. • http://www.websense.com/support/article/t-kbarticle/Hotfix-4-for-Websense-Email-Security-v7-1 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 3

22 Oct 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, and (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp; the (7) Queue, (8) FileName, (9) IsolatedMessageID, and (10) ServerName parameters to actions/msgForwardToRiskF... • https://www.exploit-db.com/exploits/9981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')