3 matches found
Symantec Encryption Gateway Remote Command Injection
!/usr/bin/perl -w use LWP::UserAgent; Vantage Point Security Advisory 2014-007 Title: Symantec Encryption Management Server - Remote Command Injection Exploit CVE: CVE-2014-7288 Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: \n"; printf "\t$0...
Symantec Encryption Management Server Database Backup Command Injection (CVE-2014-7288)
A command-injection vulnerability has been reported in Symantec Encryption Management Server. The vulnerability is due to insufficient sanitization of user-supplied input when processing database backup commands from the Web UI. A remote, authenticated attacker could exploit this vulnerability by...
CVE-2014-7288
Symantec Encryption Management Server (and PGP Universal Server) prior to 3.3.2 MP7 is affected by CVE-2014-7288. The issue allows an authenticated administrator to execute arbitrary shell commands via a crafted database-backup restore command. OpenVAS identifies it as a local command-injection v...