22 matches found
EUVD-2004-0192
Malware in sbrugna...
EUVD-2004-1748
Malware in sbrugna...
EUVD-2005-0818
Malware in sbrugna...
EUVD-2006-2342
Malware in sbrugna...
CVE-2021-46825
Symantec Advanced Secure Gateway ASG and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...
CVE-2017-13678
Stored XSS vulnerability in the Symantec Advanced Secure Gateway ASG and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application...
CVE-2006-4562
The proxy DNS service in Symantec Gateway Security SGS allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on th...
PT-2006-5355 · Symantec · Symantec Gateway Security
Name of the Vulnerable Software and Affected Versions: Symantec Gateway Security SGS affected versions not specified Description: The issue allows remote attackers to make arbitrary DNS queries to third-party DNS servers while hiding the source IP address of the attacker. It is related to the pro...
CVE-2006-4562
CVE-2006-4562 affects Symantec Gateway Security (SGS): the proxy DNS service permits remote attackers to cause arbitrary DNS queries to third‑party DNS servers while concealing the attacker’s source IP. Default configurations may not proxy DNS queries on the external interface. The available docu...
Design/Logic Flaw
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...
CVE-2006-2341
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...
CVE-2006-2341
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...
Symantec Dynamic VPN Services: ISAKMP Denial of Service
SUMMARY The NISCC National Infrastructure Security Co-ordination Centre a UK-sponsored inter-departmental agency has identified nearly five-thousand potential ISAKMP vulnerabilities. Test for these vulnerabilities were created by the NISCC and distributed to an unspecified number of vendors...
CVE-2005-0817
Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites...
CVE-2005-0817
CVE-2005-0817 affects Symantec Gateway products by a DNS proxy service (DNSD.exe) that caches DNS responses without proper verification, enabling DNS cache poisoning and potential site spoofing/Man-in-the-Middle. Affected products include DNS proxy/cache in Symantec Gateway Security 5400/5300, En...
SMTP Binding Configuration Settings Bypassed
SUMMARY Symantec responded to a potential vulnerability identified in the SMTP binding function of the entry-level Symantec Gateway Security appliances with the ISP load-balancing capabilities. In certain firmware versions, the SMTP outbound email traffic would be load-balanced regardless of the...
CVE-2004-1754
The DNS proxy DNSd for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records...
CVE-2004-0192
Cross-site scripting XSS vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page...
CVE-2004-0192
Cross-site scripting XSS vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page...
[Full-Disclosure] Symantec Gateway Security Management Service Cross Site Scripting
Symantec Gateway Security Management Service Cross Site Scripting Product: Symantec Gateway Security 2.0 Date: 02/25/2004 Author: Brian Soby, Raytheon 1. Overview ---------------------------------------- A cross site scripting vulnerability exists in Symantec Gateway Security's management service...