CVE-2012-2976
https://notcve.org/view.php?id=CVE-2012-2976
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. La consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18 permite a atacantes remotos ejecutar comandos del sistema a través de una entrada manipulada sobre secuencias de comandos (script) de aplicación, relacionado con una característica de "injection". • http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54427 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2012-2574 – Symantec Web Gateway 5.0.2 - 'blocked.php?id' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2012-2574
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue. Vulnerabilidad de inyección SQL en la consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores desconocidos, relacionado con "blind SQL injection". Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability. • https://www.exploit-db.com/exploits/20038 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54424 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/77112 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-2977 – Symantec Web Gateway 5.0.3.18 - Arbitrary Password Change
https://notcve.org/view.php?id=CVE-2012-2977
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script. La consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18 permite a atacantes remotos a cambiar contraseñas a través de una entrada manipulada sobre una secuencia de comandos (script) de aplicación. • https://www.exploit-db.com/exploits/20707 https://www.exploit-db.com/exploits/20706 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54430 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-2961 – Symantec Web Gateway 5.0.3.18 - Blind SQL Injection Backdoor via MySQL Triggers
https://notcve.org/view.php?id=CVE-2012-2961
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers. • https://www.exploit-db.com/exploits/20044 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54425 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/77116 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-0296
https://notcve.org/view.php?id=CVE-2012-0296
Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la gestión del GUI en Symantec Web Gateway v5.0.x anteriores a v5.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través vectores no especificados. • http://www.securityfocus.com/bid/53396 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •