CVE-2016-2204
https://notcve.org/view.php?id=CVE-2016-2204
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. La consola de gestión en dispositivos Symantec Messaging Gateway (SMG) Appliance en versiones anteriores a 10.6.1 permite a usuarios locales obtener acceso root-shell a través de la entrada en ventana de terminal manipulada. • http://www.securityfocus.com/bid/86138 http://www.securitytracker.com/id/1035609 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2016-2203 – Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure
https://notcve.org/view.php?id=CVE-2016-2203
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. La consola de gestión en dispositivos Symantec Messaging Gateway (SMG) Appliance en versiones anteriores a 10.6.1 permite a usuarios locales descubrir una contraseña AD cifrada aprovechando determinados privilegios de lectura. Symantec Brightmail versions 10.6.0-7 and below save the AD password in a place where it can be retrieved. • https://www.exploit-db.com/exploits/39715 http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.html http://www.securityfocus.com/bid/86137 http://www.securitytracker.com/id/1035609 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00 https://www.broadcom.com/support/security-center/securityupdates/detail?fid=security_advisory&pvid=security_advisory&suid=20160418_00&year= • CWE-255: Credentials Management Errors •