Vulnerabilities > Websense > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-26 | CVE-2009-5131 | Permissions, Privileges, and Access Controls vulnerability in Websense Email Security 6.1/7.0 The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. | 5.0 |
| 2012-08-26 | CVE-2009-5130 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Websense Email Security 6.1/7.0 The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size. | 4.3 |
| 2012-08-26 | CVE-2009-5129 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Websense V10000 The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password. | 5.0 |
| 2012-08-26 | CVE-2009-5128 | Buffer Errors vulnerability in Websense V10000 1.0.0 The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering. | 5.0 |
| 2012-08-24 | CVE-2012-2984 | Cross-Site Scripting vulnerability in Websense Content Gateway 7.7 Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter. | 4.3 |
| 2012-08-23 | CVE-2012-4605 | Information Exposure vulnerability in Websense Email Security The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | 5.0 |
| 2012-08-23 | CVE-2012-4604 | Improper Authentication vulnerability in Websense web Security The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. | 4.3 |
| 2012-08-23 | CVE-2010-5149 | Denial-Of-Service vulnerability in Websense Web Security Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x before 7.1.1 allow remote attackers to cause a denial of service (Blue Coat appliance integration outage) via a long URL. | 5.0 |
| 2012-08-23 | CVE-2010-5148 | Remote Security vulnerability in Websense Web Security Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
| 2012-08-23 | CVE-2010-5147 | Denial-Of-Service vulnerability in Websense Web Security The Remote Filtering component in Websense Web Security and Web Filter before 6.3.3 Hotfix 18 and 7.x before 7.1.1 allows remote attackers to cause a denial of service (daemon exit) via a large volume of traffic. | 5.0 |