Page 2 of 13 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface ** DISCUTIDO ** El servicio proxy DNS en Symantec Gateway Security (SGS) permite a un atacante remoto hacer consultas DNS de su elección a los servidores DNS de terceras personas, mientras se ocultan la dirección IP de origen del atacante. NOTA: otro investigador ha señalado que la configuración por defecto no recibe consultas proxy DNS sobre una interfaz externa. • http://www.securityfocus.com/archive/1/444114/100/100/threaded http://www.securityfocus.com/archive/1/444134/100/100/threaded http://www.securityfocus.com/archive/1/444135/100/100/threaded http://www.securityfocus.com/archive/1/444330/100/0/threaded •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. • http://secunia.com/advisories/17684 http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html http://securitytracker.com/id?1015247 http://securitytracker.com/id?1015248 http://securitytracker.com/id?1015249 http://www.vupen.com/english/advisories/2005/2517 •

CVSS: 5.0EPSS: 41%CPEs: 5EXPL: 0

Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html http://secunia.com/advisories/14595 http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html http://securitytracker.com/id?1013451 http://www.isc.sans.org/diary.php?date=2005-03-04 https://exchange.xforce.ibmcloud.com/vulnerabilities/16423 https://exchange.xforce.ibmcloud.com/vulnerabilities/44530 •

CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. • http://securitytracker.com/id?1013133 http://www.kb.cert.org/vuls/id/107822 http://www.symantec.com/avcenter/security/Content/2005.02.08.html http://xforce.iss.net/xforce/alerts/id/187 https://exchange.xforce.ibmcloud.com/vulnerabilities/18869 •

CVSS: 9.3EPSS: 19%CPEs: 157EXPL: 1

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 http://jouko.iki.fi/adv/javaplugin.html http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.co • CWE-264: Permissions, Privileges, and Access Controls •