335 matches found
CVE-2016-2204
Consolidated details for CVE-2016-2204 (and related CVE-2016-2203) in Symantec Messaging Gateway (SMG) Appliance: The SMG 10.x management console before 10.6.1 is affected by local privilege escalation. Specifically, CVE-2016-2204 allows a local attacker to gain a root shell in the console by man...
CVE-2016-2204
The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input...
CVE-2016-2203
The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges...
Symantec Messaging Gateway Multiple Vulnerabilities (SYM16-005)
Symantec Messaging Gateway is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability
This module will grab the AD account saved in Symantec Messaging Gateway and then decipher it using the disclosed Symantec PBE key. Note that authentication is required in order to successfully grab the LDAP credentials, and you need at least a read account. Version 10.6.0-7 and earlier are...
Symantec Messaging Gateway Stored AD Password Vulnerability
Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A security vulnerability exists in the management console of Symantec Messaging Gateway versions prior to 10.6.0-7. An attacker could exploit the...
Symantec Releases Security Updates
Symantec has released security updates to address vulnerabilities in its Messaging Gateway SMG Appliance software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Symantec...
Symantec Messaging Gateway Elevation of Privilege Vulnerability
Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A security vulnerability exists in the management console of Symantec Messaging Gateway versions prior to 10.6.0-7. The vulnerability can be exploited...
Symantec Messaging Gateway Multiple Security Issues
SUMMARY Symantec Messaging Gateway SMG Appliance management console was susceptible to potential recovery of the AD password by any user with at least authorized read access to the appliance. Also, an admin or support user could potentially escalate a lower-privileged access to root on the...
Cisco ASR Denial of Service Vulnerability (CNVD-2015-04675)
The Cisco ASR 5000 Series is a carrier-class platform for deploying high-demand 3G networks and migrating to Long Term Evolution LTE. A denial-of-service vulnerability exists in the Cisco ASR 5000 Series Messaging Data Network Gateway, which could be exploited by a remote attacker to submit a...
Symantec Messaging Gateway 9.5/9.5.1 SSH Default Password Security Bypass Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Symantec Messaging Gateway 9.5.3-3 CSRF Vulnerability
No description provided by source. ======= Summary ======= Name: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator for example Release Date: 30 November 2012 Reference: NGS00263 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems...
Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download
No description provided by source. ======= Summary ======= Name: Symantec Messaging Gateway - Arbitrary file download is possible with a crafted URL authenticated Release Date: 30 November 2012 Reference: NGS00266 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor...
Symantec Messaging Gateway Management Console Cross Site Scripting (CVE-2014-1648)
A reflected Cross-Site Scripting vulnerability exists in Symantec Messaging Gateway Management Console. The vulnerability is due to insufficient input validation of the "displayTab" parameter. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary script code in the...
Symantec Messaging Gateway 10.x < 10.5.2 XSS Vulnerability
Symantec Messaging Gateway is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Symantec Messaging Gateway 10.x < 10.5.2 Management Console XSS (SYM14-006)
According to its self-reported version number, the version of Symantec Messaging Gateway running on the remote host is 10.x less than 10.5.2, and is therefore affected by a cross-site scripting vulnerability. A cross-site scripting flaw exists in the...
CVE-2014-1648
Cross-site scripting XSS vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter...
CVE-2014-1648
Cross-site scripting XSS vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter...
CVE-2014-1648
CVE-2014-1648 is a reflected XSS in Symantec Messaging Gateway 10.x prior to 10.5.2. The vulnerability resides in the management console’s brightmail/setting/compliance/DlpConnectFlow$view.flo component, exploitable via the displayTab parameter to inject arbitrary script/HTML in a user’s browser....