NotCVE - vendor:"Symantec"

Page 53 of 598 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

CVE-2012-4178 – Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php?groupid' Blind SQL Injection

https://notcve.org/view.php?id=CVE-2012-4178

SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. Vulnerabilidad de inyección SQL en sywall/includes/deptUploads_data.php en Symantec Web Gateway v5.0.3.18 que permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro groupid. • https://www.exploit-db.com/exploits/20123 http://www.exploit-db.com/exploits/20123 http://www.securityfocus.com/bid/54721 http://www.securitytracker.com/id?1027358 https://exchange.xforce.ibmcloud.com/vulnerabilities/77264 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 95%CPEs: 4EXPL: 1

CVE-2012-2957 – Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution

https://notcve.org/view.php?id=CVE-2012-2957

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue. La consola de gestión en Symantec Web Gateway v5.0.x anterior a v5.0.3.18 permite a usuarios locales obtener privilegios modificando ficheros, relacionado con inclusión de ficheros (file inclusión). • https://www.exploit-db.com/exploits/20064 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54429 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/77113 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 95%CPEs: 4EXPL: 2

CVE-2012-2953 – Symantec Web Gateway 5.0.2.18 - 'pbcontrol.php' Command Injection

https://notcve.org/view.php?id=CVE-2012-2953

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. La consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18 permite a atacantes remotos ejecutar comandos a través de una entrada manipulada a una secuencia de comandos de aplicación. • https://www.exploit-db.com/exploits/20113 https://www.exploit-db.com/exploits/20088 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54426 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2012-0305

https://notcve.org/view.php?id=CVE-2012-0305

Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de path de búsqueda no confiable en Symantec System Recovery 2011 anteriores a SP2 y Backup Exec System Recovery 2010 anteriores a SP5, podría permitir a usuario locales obtener privilegios a través de una DLL troyanizada en el directorio de trabajo actual. • http://www.securityfocus.com/bid/54594 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_01 •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2012-2976

https://notcve.org/view.php?id=CVE-2012-2976

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. La consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18 permite a atacantes remotos ejecutar comandos del sistema a través de una entrada manipulada sobre secuencias de comandos (script) de aplicación, relacionado con una característica de "injection". • http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54427 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

1...51 52 53 54 55