Web Appliance Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Sophos (a481dca1-298d-56ee-9d5c-373f6e8cead2) |
|---|---|
| Product | Web Appliance Firmware (7cafd3d1-59cd-52ab-9d2c-90d3f36e3f6d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2014-2850 |
vulnerable | 2026-06-03 14:33:51.925447 |
Details available
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Published: 2014-04-11T15:00:00.000Z
Updated: 2024-09-16T23:21:40.393Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-2849 |
vulnerable | 2026-06-03 14:33:51.885710 |
Details available
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Published: 2014-04-11T15:00:00.000Z
Updated: 2024-09-16T17:34:14.156Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-4983 |
vulnerable | 2026-06-03 14:33:20.213695 |
Details available
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Published: 2013-09-10T10:00:00.000Z
Updated: 2024-09-17T03:02:50.133Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-2643 |
vulnerable | 2026-06-03 14:33:03.182255 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
Published: 2014-03-18T14:00:00.000Z
Updated: 2024-08-06T15:44:32.619Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-2642 |
vulnerable | 2026-06-03 14:33:03.181924 |
Details available
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
Published: 2014-03-18T14:00:00.000Z
Updated: 2024-08-06T15:44:32.663Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-2641 |
vulnerable | 2026-06-03 14:33:03.180933 |
Details available
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
Published: 2014-03-18T14:00:00.000Z
Updated: 2024-08-06T15:44:32.610Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.