Websense Content Gateway error messages are vulnerable to cross site scripting.
58f600eaed898f1ca351c4b8d1cbec131fbfe943f225520c81a41f29a0067a03
Websense Reporting suffers from multiple cross site scripting vulnerabilities.
19b2dc3d78140a923b9085dab9d45e139e61f79e70bb9f569bc419899ca2710b
Websense Explorer's report scheduler suffers from a cross site scripting vulnerability.
437a9f75eca191601c80ffa7f7c81146dc40026d999f157af7aa5fa4635d9461
It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.
f3ceee1d1b8d8314759c25514da344340d509358c90fe5b334a3fee4673a6305
It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.
ec6c438270cff0bddf53b78da134f39a1f995ed0021b3fa3dc986797bb9d28ea
Websense Triton is affected by a source code disclosure vulnerability. When a double quote character is appended to a JSP URL, Websense returns the source code of the JSP instead of executing it. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.
bea41cc67f2ff2025f34ba87479f5525c6c77dbe1476e500ef73fac0a668a4a3
A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like cross site scripting, to perform remote unauthenticated attacks that compromise the appliance.
46837dcf6a5d28dc59eaab3be3f8b5c988bf22906dd8c40892e389c43e23257b
Users of Websense Data Security who are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens or login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.
cb8568eb68202e34f2c399915ab08eac2ec81901bfe2ce84f46fd344875d3129
Users of Websense Data Security who are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens or login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.
b9766eb5d33d72228778743de93441e682ea519fe27c250aec98a6ce1f397474
EMC Secure Remote Services Virtual Edition (ESRS VE) suffers from GHOST, remote SQL injection, and command injection vulnerabilities. Affected products include versions 3.02 and 3.03.
6b3ffdb9909af633f358b0989f2fbd7d173162224f69793af11938be23147164