CVE-2015-5691 – Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5691
Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. Múltiples vulnerabilidades de XSS en scripts PHP en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, según lo demostrado en un ataque contra admin_messages.php. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting. The specific flaw exists within the admin_messages.php file which relies on mimetypes and file extensions to block potentially dangerous file uploads. An attacker can exploit this condition to upload arbitrary files as the apache user. • http://www.securityfocus.com/bid/76728 http://www.securitytracker.com/id/1033625 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00 http://www.zerodayinitiative.com/advisories/ZDI-15-443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-5690 – Symantec Web Gateway Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5690
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." Vulnerabilidad en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y ejecutar comandos arbitarios mediante el aprovechamiento de un 'redirect'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the path processing for command URLs accessed through the management port of the gateway. A crafted URL can cause the Web Gateway to execute a command that should not be available externally. • http://www.securityfocus.com/bid/76725 http://www.securitytracker.com/id/1033625 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00 http://www.zerodayinitiative.com/advisories/ZDI-15-444 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2014-7285 – Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection
https://notcve.org/view.php?id=CVE-2014-7285
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. La consola de gestión de en el dispositivo Symantec Web Gateway (SWG) anterior a 5.2.2 permite a usuarios remotos autenticados ejecutar comandos del sistema operativo arbitrarios mediante la inyección de cadenas de comandos en secuencias de comandos PHP no especificadas. Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability. • https://www.exploit-db.com/exploits/36263 http://karmainsecurity.com/KIS-2014-19 http://osvdb.org/show/osvdb/116009 http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html http://www.exploit-db.com/exploits/36263 http://www.securityfocus.com/bid/71620 http://www.securitytracker.com/id/1031386 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2014-1650
https://notcve.org/view.php?id=CVE-2014-1650
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en user.php en la consola de gestión en Symantec Web Gateway (SWG) anterior a 5.2.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/67753 http://www.securitytracker.com/id/1030443 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-1652
https://notcve.org/view.php?id=CVE-2014-1652
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters. Múltiples vulnerabilidades de XSS en la consola de gestión en Symantec Web Gateway (SWG) anterior a 5.2 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros report manipulados. • http://www.kb.cert.org/vuls/id/719172 http://www.securityfocus.com/bid/67755 http://www.securitytracker.com/id/1030443 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •