Vulnerabilities > Cyberoam
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-04 | CVE-2015-6811 | SQL Injection vulnerability in Cyberoam Cyberoamos 10.6.2 SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | 7.5 |
2014-10-07 | CVE-2014-5503 | SQL Injection vulnerability in Cyberoam OS SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | 10.0 |
2014-10-07 | CVE-2014-5502 | OS Command Injection vulnerability in Cyberoam OS The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. | 9.0 |
2014-10-07 | CVE-2014-5501 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cyberoam OS Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. | 9.3 |
2012-02-12 | CVE-2012-1047 | Path Traversal vulnerability in Cyberoam Central Console 2.00.2 Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |