Symantec Messaging Gateway Save.do Cross Site Request Forgery - Improved Performance (CVE-2012-0308)

A cross-site request forgery CSRF vulnerability has been reported in Symantec Messaging Gateway. The vulnerability is due to errors while validating user input. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted URI. Successful exploitation would allow...

Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013)

According to its self-reported version number, the version of Symantec Messaging Gateway running on the remote host is 9.5.x and has the following vulnerabilities : - Multiple XSS vulnerabilities exist. CVE-2012-0307 - Lack of password protection on sensitive functions as well as of CSRF protecti...

CVE-2012-0308

Summary (CVE-2012-0308): Symantec Messaging Gateway (SMG) prior to version 10.0 is vulnerable to a Cross-Site Request Forgery (CSRF) that can hijack the authentication of administrators. The issue stems from insufficient input validation, enabling a remote attacker to entice a logged-in admin to ...