Page 7 of 38 results (0.010 seconds)

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 2

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script. La consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18 permite a atacantes remotos a cambiar contraseñas a través de una entrada manipulada sobre una secuencia de comandos (script) de aplicación. • https://www.exploit-db.com/exploits/20707 https://www.exploit-db.com/exploits/20706 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54430 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 89%CPEs: 4EXPL: 1

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers. • https://www.exploit-db.com/exploits/20044 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54425 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/77116 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 66%CPEs: 3EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la gestión del GUI en Symantec Web Gateway v5.0.x anteriores a v5.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través vectores no especificados. • http://www.securityfocus.com/bid/53396 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 97%CPEs: 3EXPL: 4

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data. La interfaz de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3 no restringe adecuadamente el acceso a los scripts de aplicaciones, lo que permite a atacantes remotos ejecutar código de su elección mediante (1) inyección de datos manipulados o (2) inclusión de datos manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. • https://www.exploit-db.com/exploits/18942 https://www.exploit-db.com/exploits/19406 https://www.exploit-db.com/exploits/18932 https://www.exploit-db.com/exploits/19065 http://www.securityfocus.com/bid/53444 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/75731 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 1

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. Los scripts de gestión de archivos de la GUI de gestión de Symantec Web Gateway 5.0.x anteriores a 5.0.3 permite a atacantes remotos (1) leer o (2) borrar archivos arbitrarios a través de vectores sin especificar. Symantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities. • https://www.exploit-db.com/exploits/19406 http://www.securityfocus.com/bid/53442 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/75732 • CWE-264: Permissions, Privileges, and Access Controls •