CVE-2015-5692

adminmessages.php in the management console on Symantec Web Gateway SWG appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PHP scripts in the management console on Symantec Web Gateway SWG appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against...

CVE-2015-5692

Symantec Web Gateway (SWG) management console prior to SWG 5.2.2 with DB 5.0.0.1277 is affected by CVE-2015-5692. The issue resides in admin_messages.php, where improper sanitization of uploaded files and a weak sudo configuration allow an authenticated attacker to upload a safe file and leverage...

CVE-2015-5692

adminmessages.php in the management console on Symantec Web Gateway SWG appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to...

Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting. The specific flaw exists within the adminmessages.php...