CVSS: 6.5EPSS: 96%CPEs: 1EXPL: 3CVE-2016-5312 – Symantec Messaging Gateway 10.6.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-5312
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. La vulnerabilidad de desplazamiento de directorios en el componente de creación de gráficos en Symantec Messaging Gateway en versiones anteriores a 10.6.2 permite a los usuarios autenticados remotos leer archivos arbitrarios a través de .. (punto punto) en el parámetro sn a brightmail/servlet/com.ve.kavachart.servlet.ChartStream. Symantec Messaging Gateway versions 10.6.1 and below suffer from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/40437 http://packetstormsecurity.com/files/138891/Symantec-Messaging-Gateway-10.6.1-Directory-Traversal.html http://seclists.org/fulldisclosure/2016/Sep/71 http://www.securityfocus.com/bid/93148 http://www.securitytracker.com/id/1036908 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160927_00 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2204
https://notcve.org/view.php?id=CVE-2016-2204
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. La consola de gestión en dispositivos Symantec Messaging Gateway (SMG) Appliance en versiones anteriores a 10.6.1 permite a usuarios locales obtener acceso root-shell a través de la entrada en ventana de terminal manipulada. • http://www.securityfocus.com/bid/86138 http://www.securitytracker.com/id/1035609 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.0EPSS: 91%CPEs: 5EXPL: 2CVE-2012-4347 – Symantec Messaging Gateway 9.5.3-3 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2012-4347
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. Múltiples vulnerabilidades de salto de directorio en Symantec Messaging Gateway v9.5 y v9.5.1 permite a atacantes leer ficheros arbitrarios mediante un .. (punto punto) en el (1) parámetro logFile en una acción de guardar la acción en brightmail/export o (2) parámetro localBackupFileSelection en una acción APPLIANCE restoreSource para brightmail/admin/restore/download.do. • https://www.exploit-db.com/exploits/23110 http://www.securityfocus.com/bid/56789 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 3%CPEs: 6EXPL: 1CVE-2012-0308 – Symantec Messaging Gateway 9.5.3-3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2012-0308
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos secuestrar la autenticación de los administradores • https://www.exploit-db.com/exploits/23109 http://www.securityfocus.com/bid/55137 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 0CVE-2012-0307
https://notcve.org/view.php?id=CVE-2012-0307
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de contenido web (1) o (2) el contenido de e-mail. • http://www.securityfocus.com/bid/55138 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78031 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •