20 matches found
Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...
Symantec Web Gateway 5.0.2.8 Multiple Vulnerabilities
Exploit for linux platform in category web applications Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include:...
Symantec Web Gateway 5.0.28 LFI / Code Execution
Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include: https://192.168.82.207/spywall/previewProxyError.php?err=../../../../../../../../etc/passwd File include and OS command...
ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012 - -- CVE ID: CVE-2012-0297 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
Symantec Web Gateway 5.0.2.8 - 'ipchange.php' Command Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Symantec Web...
Symantec Web Gateway access_log PHP Injection
Added: 06/11/2012 CVE: CVE-2012-0297 BID: 53444 OSVDB: 82023 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway fails to properly sanitize user-supplied input passed to...
Symantec Web Gateway access_log PHP Injection
Added: 06/11/2012 CVE: CVE-2012-0297 BID: 53444 OSVDB: 82023 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway fails to properly sanitize user-supplied input passed to...
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Symantec Web...
Symantec Web Gateway access_log PHP Injection
Added: 06/11/2012 CVE: CVE-2012-0297 BID: 53444 OSVDB: 82023 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway fails to properly sanitize user-supplied input passed to...
Symantec Web Gateway access_log PHP Injection
Added: 06/11/2012 CVE: CVE-2012-0297 BID: 53444 OSVDB: 82023 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway fails to properly sanitize user-supplied input passed to...
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
This module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec function. This module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication. This module requires Metasploit:...
Symantec Web Gateway 5.0.2.8 Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Symantec Web Gateway 5.0.2.8 relfile File Inclusion Vulnerability
This module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minut...
Symantec Web Gateway 5.0.2.8 Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Symantec Web...
Symantec Web Gateway 5.0.2.8 Command Execution
Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CVE-2012-0297
creationtimestamp| type| source ---|---|--- 2012-05-26 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/18932 2012-05-28 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/18942 2012-06-12 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/19065 2012-06-27...
DSquare Exploit Pack: D2SEC_SYMWEBGW
Name| d2secsymwebgw ---|--- CVE| CVE-2012-0297 Exploit Pack| D2ExploitPack Description| Symantec Web Gateway 5.0.2 Local File Include Vulnerability Notes|...
CVE-2012-0297
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by 1 injecting crafted data or 2 including crafted data...
CVE-2012-0297
Symantec Web Gateway 5.0.x (pre-5.0.3) exposes a remote command injection/remote code execution vulnerability in the HTTP service (spywall/ipchange.php and related endpoints). The core issue is improper input handling and insecure usage of server-side scripts that allows an attacker to inject or ...