6 matches found
Symantec Web Gateway dbutils.php SQL Injection (CVE-2014-1651)
An SQL injection vulnerability exists in Symantec Web Gateway. The vulnerability is due to lack of proper sanitization of the "hostname" HTTP parameter passed to some PHP pages. A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable...
Symantec Web Gateway < 5.2.1 Multiple Vulnerabilities (SYM14-010)
According to its self-reported version number, the remote web server is hosting a version of Symantec Web Gateway prior to version 5.2.1. It is, therefore, affected by the following vulnerabilities : - A remote command execution flaw exists with the 'SNMPConfig.php' where user input is not proper...
CVE-2014-1651
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway SWG before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1651
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway SWG before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1651
CVE-2014-1651 affects Symantec Web Gateway (SWG) management console: SQL injection in clientreport.php allows a remote attacker to execute arbitrary SQL commands before version 5.2. The issue is tied to improper input handling (hostname parameter). Remediation per SYM14-010 is to upgrade to SWG 5...
Symantec Web Gateway Security Issues
SUMMARY Symantec Web Gateway SWG 5.2 Appliance management console is susceptible to security issues. Successful exploitation could result in unauthorized command execution on or access to the management console. There is also potential for unauthorized backend database manipulation. AFFECTED...