335 matches found
CVE-2012-3579
Symantec Messaging Gateway SMG before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session...
CVE-2012-0307
Multiple cross-site scripting XSS vulnerabilities in Symantec Messaging Gateway SMG before 10.0 allow remote attackers to inject arbitrary web script or HTML via 1 web content or 2 e-mail content...
CVE-2012-3580
Symantec Messaging Gateway SMG before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface...
CVE-2012-0308
Summary (CVE-2012-0308): Symantec Messaging Gateway (SMG) prior to version 10.0 is vulnerable to a Cross-Site Request Forgery (CSRF) that can hijack the authentication of administrators. The issue stems from insufficient input validation, enabling a remote attacker to entice a logged-in admin to ...
CVE-2012-3579
Symantec Messaging Gateway (SMG) versions before 10.0 are vulnerable to CVE-2012-3579 due to a hardcoded default SSH password on the support account, enabling remote login and privileged access via SSH. The issue is documented across multiple sources (SAINT advisories and OpenVAS/Nessus reference...
Symantec Messaging Gateway 9.5/9.5.1 SSH Default Password Security Bypass Vulnerability
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Symantec Messaging Gateway Security Issues
SUMMARY Symantec's Messaging Gateway management console is susceptible to several security issues including cross-site scripting/cross-site request forgery, an SSH account with a default password, file downloads and potential web application modifications. Successful exploitation could result in...
CVE-2011-0548
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security SMS 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention DLP before 10.5.3 and 11.x before 11.1, allows remote attackers to...
Buffer overflow
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security SMS 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention DLP before 10.5.3 and 11.x before 11.1, allows remote attackers to...
CVE-2011-0548
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security SMS 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention DLP before 10.5.3 and 11.x before 11.1, allows remote attackers to...
CVE-2011-0548
CVE-2011-0548 concerns a buffer overflow in the Lotus Freelance Graphics PRZ file viewer component of Autonomy KeyView, used in Symantec Mail Security (SMS) 6.x–8.x, Symantec Brightmail and Messaging Gateway pre-9.5.1, and Symantec DLP pre-10.5.3 and 11.x pre-11.1. The vulnerability allows a remo...
Multi-Vendor Autonomy Verity Keyview PRZ Reader Filter Overflow
SUMMARY Symantec products that ship with the Verity KeyView Filter have updated the module to address a security issue being reported in the content filter processing of specifically crafted document formats. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail...
CVE-2002-1252
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities XXE fields in an HTTP POST request that is processed by the SimpleFileHandler handler...
CVE-2002-1252
The CVE-2002-1252 entry concerns the Application Messaging Gateway for PeopleTools 8.1x (used in PeopleSoft products). Affected component/attack surface involves XML External Entities (XXE) fields in an HTTP POST processed by the SimpleFileHandler, allowing remote attackers to read arbitrary file...
ISS Security Brief: PeopleSoft XML External Entities Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief January 20, 2003 PeopleSoft XML External Entities Vulnerability Synopsis: ISS X-Force has discovered a flaw in the PeopleSoft Application Messaging Gateway. PeopleSoft enterprise software enables the management of all...