3 matches found
Symantec Web Gateway Management GUI远程SQL注入漏洞
BUGTRAQ ID: 45742 CVE ID: CVE-2010-0115 Symantec Web Gateway是赛门铁克企业级网页威胁防护解决方案。 Symantec Web Gateway在SQL查询中使用用户提供的数据前没有正确过滤,在实现上存在安全漏洞,远程攻击者可利用此漏洞控制设备、访问或修改数据或利用基础数据库中的潜在漏洞。 在向login.php页面发送解析请求时,进程未正确过滤USERNAME POST参数。提供发送特制的字符串,远程攻击者可利用此漏洞向服务器上的后端数据库注入任意SQL。 Symantec Web Gateway 4.5 厂商补丁: Symant...
CVE-2010-0115
Symantec Web Gateway 4.5 (before 4.5.0.376) contains a SQL injection in login.php’s USERNAME parameter in the GUI management console. The vulnerability allows remote attackers to inject arbitrary SQL into backend queries, potentially affecting data confidentiality, integrity, and availability. So...
Symantec Web Gateway Blind SQL Injection
SUMMARY Symantecs Web Gateway management GUI is susceptible to a blind SQL injection attack which could result in injection of arbitrary code into the backend database. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway | 4.5 | Apply DB update 4.5.0.376 ISSUES Severit...