CVSS: 6.5EPSS: 95%CPEs: 1EXPL: 3CVE-2016-5312 – Symantec Messaging Gateway 10.6.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-5312
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. La vulnerabilidad de desplazamiento de directorios en el componente de creación de gráficos en Symantec Messaging Gateway en versiones anteriores a 10.6.2 permite a los usuarios autenticados remotos leer archivos arbitrarios a través de .. (punto punto) en el parámetro sn a brightmail/servlet/com.ve.kavachart.servlet.ChartStream. Symantec Messaging Gateway versions 10.6.1 and below suffer from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/40437 http://packetstormsecurity.com/files/138891/Symantec-Messaging-Gateway-10.6.1-Directory-Traversal.html http://seclists.org/fulldisclosure/2016/Sep/71 http://www.securityfocus.com/bid/93148 http://www.securitytracker.com/id/1036908 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160927_00 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2204
https://notcve.org/view.php?id=CVE-2016-2204
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. La consola de gestión en dispositivos Symantec Messaging Gateway (SMG) Appliance en versiones anteriores a 10.6.1 permite a usuarios locales obtener acceso root-shell a través de la entrada en ventana de terminal manipulada. • http://www.securityfocus.com/bid/86138 http://www.securitytracker.com/id/1035609 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.0EPSS: 90%CPEs: 5EXPL: 2CVE-2012-4347 – Symantec Messaging Gateway 9.5.3-3 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2012-4347
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. Múltiples vulnerabilidades de salto de directorio en Symantec Messaging Gateway v9.5 y v9.5.1 permite a atacantes leer ficheros arbitrarios mediante un .. (punto punto) en el (1) parámetro logFile en una acción de guardar la acción en brightmail/export o (2) parámetro localBackupFileSelection en una acción APPLIANCE restoreSource para brightmail/admin/restore/download.do. • https://www.exploit-db.com/exploits/23110 http://www.securityfocus.com/bid/56789 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://www.broadcom.com/support/security-center/securityupdates/detail?fid=security_advisory&pvid=security_advisory&suid=20120827_00&year=2012 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3581
https://notcve.org/view.php?id=CVE-2012-3581
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos obtener información potencialmente sensible sobre versiones de componentes a través de vectores no especificados. • http://www.securityfocus.com/bid/55142 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3580
https://notcve.org/view.php?id=CVE-2012-3580
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Symantec Messaging Gateway anterior a v10.0 permite a usuarios autenticados de forma remota modificar la aplicación web aprovechando el acceso a la interfaz de gestión. • http://www.securityfocus.com/bid/55141 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78032 •