CVSS: 5.5EPSS: 7%CPEs: 43EXPL: 2CVE-2016-5309 – Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5309
14 Apr 2017 — The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec ... • https://www.exploit-db.com/exploits/40405 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 9%CPEs: 43EXPL: 2CVE-2016-5310 – Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5310
14 Apr 2017 — The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec ... • https://www.exploit-db.com/exploits/40405 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 25%CPEs: 1EXPL: 2CVE-2016-5313 – Symantec Web Gateway 5.2.2 OS Command Injection
https://notcve.org/view.php?id=CVE-2016-5313
06 Oct 2016 — Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. Symantec Web Gateway (SWG) en versiones anteriores a 5.2.5 permite a usuarios remotos autenticados a ejecutar comandos arbitrarios OS. Symantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php. • https://packetstorm.news/files/id/139006 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6547
https://notcve.org/view.php?id=CVE-2015-6547
20 Sep 2015 — The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. Vulnerabilidad en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados ejecutar comandos arbitrarios en tiempo de arranque a través de vectores no especificados. • http://www.securityfocus.com/bid/76730 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6548
https://notcve.org/view.php?id=CVE-2015-6548
20 Sep 2015 — Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL múltiple en el script PHP en la consola de gestión en Symantec Web Gateway (SWG) en aparatos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados ejecutar comandos SQL arbitrario... • http://www.securityfocus.com/bid/76729 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5690 – Symantec Web Gateway Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5690
16 Sep 2015 — The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." Vulnerabilidad en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y ejecutar comandos arbitarios mediante el ... • http://www.securityfocus.com/bid/76725 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-5691 – Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5691
16 Sep 2015 — Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. Múltiples vulnerabilidades de XSS en scripts PHP en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a atacan... • http://www.securityfocus.com/bid/76728 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 7%CPEs: 1EXPL: 0CVE-2015-5692 – Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5692
16 Sep 2015 — admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. Vulnerabilidad en admin_messages.php en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usu... • http://www.securityfocus.com/bid/76726 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2015-5693 – Symantec Web Gateway Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5693
16 Sep 2015 — The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." Vulnerabilidad en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la 'captura de tráfico'. This vulnerability all... • http://www.securityfocus.com/bid/76731 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 70%CPEs: 1EXPL: 4CVE-2014-7285 – Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection
https://notcve.org/view.php?id=CVE-2014-7285
17 Dec 2014 — The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. La consola de gestión de en el dispositivo Symantec Web Gateway (SWG) anterior a 5.2.2 permite a usuarios remotos autenticados ejecutar comandos del sistema operativo arbitrarios mediante la inyección de cadenas de comandos en secuencias de comandos PHP no especificadas. Symantec Web Gateway versions 5.2.... • https://packetstorm.news/files/id/129780 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •