Full title: Sophos Web Protection Appliance sblistpack Arbitrary Command Execution 
Category: remote exploits
Platform: linux
This Metasploit module exploits a command injection vulnerability on Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists on the sblistpack component, reachable from the web interface without authentication. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

# 0day.today @ http://0day.today/