CVE-2017-6325
https://notcve.org/view.php?id=CVE-2017-6325
26 Jun 2017 — The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a fi... • http://www.securityfocus.com/bid/98890 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2017-6324
https://notcve.org/view.php?id=CVE-2017-6324
26 Jun 2017 — The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. • http://www.securityfocus.com/bid/98889 •
CVE-2017-6326 – Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-6326
24 Jun 2017 — The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. • https://packetstorm.news/files/id/143129 •
CVE-2016-5309 – Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5309
14 Apr 2017 — The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec ... • https://www.exploit-db.com/exploits/40405 • CWE-125: Out-of-bounds Read •
CVE-2016-5310 – Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5310
14 Apr 2017 — The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec ... • https://www.exploit-db.com/exploits/40405 • CWE-787: Out-of-bounds Write •
CVE-2016-5312 – Symantec Messaging Gateway 10.6.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-5312
28 Sep 2016 — Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. • https://packetstorm.news/files/id/138891 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-2204
https://notcve.org/view.php?id=CVE-2016-2204
22 Apr 2016 — The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. • http://www.securityfocus.com/bid/86138 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2016-2203 – Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure
https://notcve.org/view.php?id=CVE-2016-2203
21 Apr 2016 — The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. Symantec Brightmail versions 10.6.0-7 and below save the AD password in a place where it can be ret... • https://packetstorm.news/files/id/181136 • CWE-255: Credentials Management Errors •
CVE-2014-1648 – Symantec Messaging Gateway 10.5.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-1648
22 Apr 2014 — Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. • https://packetstorm.news/files/id/126264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4347 – Symantec Messaging Gateway 9.5.3-3 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2012-4347
05 Dec 2012 — Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. Multiple directory traversal vulnerabilities in Symantec Messaging Gateway v9.5 and v9.5.1 allow attackers to read arbitrary files... • https://packetstorm.news/files/id/181091 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •