Lucene search
K

3 matches found

seebug.org
seebug.org
added 2011/01/19 12:0 a.m.28 views

Symantec Web Gateway Management GUI远程SQL注入漏洞

BUGTRAQ ID: 45742 CVE ID: CVE-2010-0115 Symantec Web Gateway是赛门铁克企业级网页威胁防护解决方案。 Symantec Web Gateway在SQL查询中使用用户提供的数据前没有正确过滤,在实现上存在安全漏洞,远程攻击者可利用此漏洞控制设备、访问或修改数据或利用基础数据库中的潜在漏洞。 在向login.php页面发送解析请求时,进程未正确过滤USERNAME POST参数。提供发送特制的字符串,远程攻击者可利用此漏洞向服务器上的后端数据库注入任意SQL。 Symantec Web Gateway 4.5 厂商补丁: Symant...

7.5CVSS6.4AI score0.02364EPSS
Exploits1
CVE
CVE
added 2011/01/14 10:0 p.m.62 views

CVE-2010-0115

Symantec Web Gateway 4.5 (before 4.5.0.376) contains a SQL injection in login.php’s USERNAME parameter in the GUI management console. The vulnerability allows remote attackers to inject arbitrary SQL into backend queries, potentially affecting data confidentiality, integrity, and availability. So...

7.5CVSS8.6AI score0.02364EPSS
Exploits1References8Affected Software1
Symantec
Symantec
added 2011/01/12 8:0 a.m.39 views

Symantec Web Gateway Blind SQL Injection

SUMMARY Symantecs Web Gateway management GUI is susceptible to a blind SQL injection attack which could result in injection of arbitrary code into the backend database. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway | 4.5 | Apply DB update 4.5.0.376 ISSUES Severit...

7.5CVSS0.3AI score0.02364EPSS
Exploits1Affected Software1
Rows per page
Query Builder