18 matches found
EUVD-2004-1748
Malware in sbrugna...
EUVD-2004-0192
Malware in sbrugna...
EUVD-2006-2342
Malware in sbrugna...
CVE-2006-4562
The proxy DNS service in Symantec Gateway Security SGS allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on th...
CVE-2006-4562
CVE-2006-4562 affects Symantec Gateway Security (SGS): the proxy DNS service permits remote attackers to cause arbitrary DNS queries to third‑party DNS servers while concealing the attacker’s source IP. Default configurations may not proxy DNS queries on the external interface. The available docu...
Design/Logic Flaw
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...
CVE-2006-2341
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...
CVE-2006-2341
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...
Symantec Dynamic VPN Services: ISAKMP Denial of Service
SUMMARY The NISCC National Infrastructure Security Co-ordination Centre a UK-sponsored inter-departmental agency has identified nearly five-thousand potential ISAKMP vulnerabilities. Test for these vulnerabilities were created by the NISCC and distributed to an unspecified number of vendors...
CVE-2005-0817
Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites...
CVE-2005-0817
CVE-2005-0817 affects Symantec Gateway products by a DNS proxy service (DNSD.exe) that caches DNS responses without proper verification, enabling DNS cache poisoning and potential site spoofing/Man-in-the-Middle. Affected products include DNS proxy/cache in Symantec Gateway Security 5400/5300, En...
SMTP Binding Configuration Settings Bypassed
SUMMARY Symantec responded to a potential vulnerability identified in the SMTP binding function of the entry-level Symantec Gateway Security appliances with the ISP load-balancing capabilities. In certain firmware versions, the SMTP outbound email traffic would be load-balanced regardless of the...
CVE-2004-1754
The DNS proxy DNSd for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records...
CVE-2004-0192
Cross-site scripting XSS vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page...
CVE-2004-0192
Cross-site scripting XSS vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page...
Symantec Gateway Security crossite scripting
Crossite scripting in web managment...
[Full-Disclosure] Symantec Gateway Security Management Service Cross Site Scripting
Symantec Gateway Security Management Service Cross Site Scripting Product: Symantec Gateway Security 2.0 Date: 02/25/2004 Author: Brian Soby, Raytheon 1. Overview ---------------------------------------- A cross site scripting vulnerability exists in Symantec Gateway Security's management service...
Symantec Gateway Security 5400 Series 2.0 - Error Page Cross-Site Scripting
Symantec Gateway Security 5400 Series 2.0 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/9755/info A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting...