11 matches found
Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted parameter to the target server...
CVE-2014-7285
creationtimestamp| type| source ---|---|--- 2015-03-04 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36263 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantecwebgatewayrestore.rb 2025-02-06 03:13:42+00:0...
Symantec Web Gateway 5 restore.php Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Symantec Web Gateway 5 restore.php Post Authentication Command Injection", 'Description' = %q This module exploits a command injecti...
[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
------------------------------------------------------------------------------ Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: http://www.symantec.com/web-gateway/ - Affecte...
Symantec Web Gateway 5.2.1 OS Command Injection Vilnerability
Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability. ------------------------------------------------------------------------------ Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability...
Symantec Web Gateway 5.2.1 OS Command Injection
------------------------------------------------------------------------------ Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: http://www.symantec.com/web-gateway/ - Affecte...
Symantec Web Gateway < 5.2.2 Authenticated OS Command Injection (SYM14-016)
According to its self-reported version number, the remote web server is hosting a version of Symantec Web Gateway prior to version 5.2.2. It is, therefore, affected by a operating system OS command injection vulnerability in an unspecified PHP script which impacts the management console. A remote...
Symantec Web Gateway < 5.2.2 Command Injection Vulnerability
Symantec Web Gateway is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2014-7285
CVE-2014-7285 affects Symantec Web Gateway (SWG) appliances running versions prior to 5.2.2. The vulnerability is an authenticated OS command injection in the management console, due to improper input validation in PHP scripts (notably potentially in restore-related functionality). An authenticat...
CVE-2014-7285
The management console on the Symantec Web Gateway SWG appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts...
Symantec Web Gateway OS Authenticated Command Injection
SUMMARY Symantec's Web Gateway SWG Appliance management console is susceptible to operating system command injection by an authenticated but less-privileged user. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway Appliance | 5.2.1 and prior | Symantec Web Gateway 5.2...