Page 5 of 24 results (0.009 seconds)

CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Symantec Messaging Gateway anterior a v10.0 permite a usuarios autenticados de forma remota modificar la aplicación web aprovechando el acceso a la interfaz de gestión. • http://www.securityfocus.com/bid/55141 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78032 •

CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de contenido web (1) o (2) el contenido de e-mail. • http://www.securityfocus.com/bid/55138 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78031 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 3%CPEs: 6EXPL: 1

Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos secuestrar la autenticación de los administradores • https://www.exploit-db.com/exploits/23109 http://www.securityfocus.com/bid/55137 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.9EPSS: 18%CPEs: 5EXPL: 1

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Symantec Messaging Gateway anterior a v10.0 tiene por defecto una contraseña para una cuenta no especificada, lo que hace más fácil para atacantes remotos obtener privilegios de acceso a través de una sesión SSH. • https://www.exploit-db.com/exploits/21136 http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html http://www.securityfocus.com/bid/55143 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78034 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120827_00 • CWE-264: Permissions, Privileges, and Access Controls •