Lucene search
+L

335 matches found

CVE
CVE
added 2016/04/22 6:0 p.m.50 views

CVE-2016-2204

Consolidated details for CVE-2016-2204 (and related CVE-2016-2203) in Symantec Messaging Gateway (SMG) Appliance: The SMG 10.x management console before 10.6.1 is affected by local privilege escalation. Specifically, CVE-2016-2204 allows a local attacker to gain a root shell in the console by man...

8.2CVSS7.8AI score0.00667EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/04/22 6:0 p.m.28 views

CVE-2016-2204

The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input...

7.9AI score0.00667EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/04/22 6:0 p.m.34 views

CVE-2016-2203

The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges...

7.7AI score0.0706EPSS
Exploits6References5
OpenVAS
OpenVAS
added 2016/04/22 12:0 a.m.25 views

Symantec Messaging Gateway Multiple Vulnerabilities (SYM16-005)

Symantec Messaging Gateway is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.2CVSS7.8AI score0.0706EPSS
Exploits6References3
Metasploit
Metasploit
added 2016/04/20 3:5 p.m.36 views

Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability

This module will grab the AD account saved in Symantec Messaging Gateway and then decipher it using the disclosed Symantec PBE key. Note that authentication is required in order to successfully grab the LDAP credentials, and you need at least a read account. Version 10.6.0-7 and earlier are...

7AI score
Exploits0
CNVD
CNVD
added 2016/04/19 12:0 a.m.3 views

Symantec Messaging Gateway Stored AD Password Vulnerability

Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A security vulnerability exists in the management console of Symantec Messaging Gateway versions prior to 10.6.0-7. An attacker could exploit the...

7.8CVSS6.7AI score0.0706EPSS
Exploits6References1
CISA
CISA
added 2016/04/19 12:0 a.m.11 views

Symantec Releases Security Updates

Symantec has released security updates to address vulnerabilities in its Messaging Gateway SMG Appliance software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Symantec...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2016/04/19 12:0 a.m.4 views

Symantec Messaging Gateway Elevation of Privilege Vulnerability

Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A security vulnerability exists in the management console of Symantec Messaging Gateway versions prior to 10.6.0-7. The vulnerability can be exploited...

8.2CVSS7.5AI score0.00667EPSS
Exploits0References1
Symantec
Symantec
added 2016/04/18 8:0 a.m.32 views

Symantec Messaging Gateway Multiple Security Issues

SUMMARY Symantec Messaging Gateway SMG Appliance management console was susceptible to potential recovery of the AD password by any user with at least authorized read access to the appliance. Also, an admin or support user could potentially escalate a lower-privileged access to root on the...

6.5CVSS0.0706EPSS
Exploits6Affected Software1
CNVD
CNVD
added 2015/07/16 12:0 a.m.4 views

Cisco ASR Denial of Service Vulnerability (CNVD-2015-04675)

The Cisco ASR 5000 Series is a carrier-class platform for deploying high-demand 3G networks and migrating to Long Term Evolution LTE. A denial-of-service vulnerability exists in the Cisco ASR 5000 Series Messaging Data Network Gateway, which could be exploited by a remote attacker to submit a...

5CVSS6.9AI score0.01988EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Symantec Messaging Gateway 9.5/9.5.1 SSH Default Password Security Bypass Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Symantec Messaging Gateway 9.5.3-3 CSRF Vulnerability

No description provided by source. ======= Summary ======= Name: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator for example Release Date: 30 November 2012 Reference: NGS00263 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download

No description provided by source. ======= Summary ======= Name: Symantec Messaging Gateway - Arbitrary file download is possible with a crafted URL authenticated Release Date: 30 November 2012 Reference: NGS00266 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/05/25 12:0 a.m.17 views

Symantec Messaging Gateway Management Console Cross Site Scripting (CVE-2014-1648)

A reflected Cross-Site Scripting vulnerability exists in Symantec Messaging Gateway Management Console. The vulnerability is due to insufficient input validation of the "displayTab" parameter. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary script code in the...

6.5AI score0.02088EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/05/02 12:0 a.m.16 views

Symantec Messaging Gateway 10.x < 10.5.2 XSS Vulnerability

Symantec Messaging Gateway is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS6.1AI score0.02088EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2014/04/24 12:0 a.m.17 views

Symantec Messaging Gateway 10.x < 10.5.2 Management Console XSS (SYM14-006)

According to its self-reported version number, the version of Symantec Messaging Gateway running on the remote host is 10.x less than 10.5.2, and is therefore affected by a cross-site scripting vulnerability. A cross-site scripting flaw exists in the...

4.3CVSS5.6AI score0.02088EPSS
Exploits2References3
NVD
NVD
added 2014/04/23 11:52 a.m.19 views

CVE-2014-1648

Cross-site scripting XSS vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter...

4.3CVSS5.6AI score0.02088EPSS
Exploits2References4
Prion
Prion
added 2014/04/23 11:52 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter...

4.3CVSS6.1AI score0.02088EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2014/04/23 10:0 a.m.22 views

CVE-2014-1648

Cross-site scripting XSS vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter...

5.6AI score0.02088EPSS
Exploits2References4
CVE
CVE
added 2014/04/23 10:0 a.m.64 views

CVE-2014-1648

CVE-2014-1648 is a reflected XSS in Symantec Messaging Gateway 10.x prior to 10.5.2. The vulnerability resides in the management console’s brightmail/setting/compliance/DlpConnectFlow$view.flo component, exploitable via the displayTab parameter to inject arbitrary script/HTML in a user’s browser....

4.3CVSS5.7AI score0.02088EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder