CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2005-0817
https://notcve.org/view.php?id=CVE-2005-0817
20 Mar 2005 — Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2005-0618
https://notcve.org/view.php?id=CVE-2005-0618
02 Mar 2005 — The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network. • http://secunia.com/advisories/14428 •
CVSS: 8.8EPSS: 10%CPEs: 49EXPL: 0CVE-2005-0249
https://notcve.org/view.php?id=CVE-2005-0249
08 Feb 2005 — Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. • http://securitytracker.com/id?1013133 •
CVSS: 9.8EPSS: 8%CPEs: 9EXPL: 0CVE-2004-0369
https://notcve.org/view.php?id=CVE-2004-0369
31 Dec 2004 — Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. • http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html •
CVSS: 7.5EPSS: 5%CPEs: 12EXPL: 0CVE-2004-1472
https://notcve.org/view.php?id=CVE-2004-1472
31 Dec 2004 — Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface. • http://marc.info/?l=bugtraq&m=109588376426070&w=2 •
CVSS: 9.1EPSS: 4%CPEs: 12EXPL: 0CVE-2004-1474
https://notcve.org/view.php?id=CVE-2004-1474
31 Dec 2004 — Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file. • http://marc.info/?l=bugtraq&m=109588376426070&w=2 •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 0CVE-2004-1473
https://notcve.org/view.php?id=CVE-2004-1473
31 Dec 2004 — Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53. • http://marc.info/?l=bugtraq&m=109588376426070&w=2 •
CVSS: 9.8EPSS: 35%CPEs: 157EXPL: 1CVE-2004-1029 – Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
https://notcve.org/view.php?id=CVE-2004-1029
24 Nov 2004 — The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 3CVE-2004-1754 – Symantec Enterprise Firewall 7.0/8.0 - DNSD DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2004-1754
15 Jun 2004 — The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records. • https://www.exploit-db.com/exploits/24218 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2004-0192 – Symantec Gateway Security 5400 Series 2.0 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0192
04 Mar 2004 — Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Servicio de Administración de Symantec Gateway Security 2.0 permite a atacantes remotos robar cookies y secuestrar una sesión de administración mediante una URL /smgi qu... • https://www.exploit-db.com/exploits/23764 •