25 matches found
CVE-2012-6277
CVE-2012-6277 concerns multiple vulnerabilities in Autonomy KeyView IDOL libraries used by IBM Notes/Domino, Symantec messaging/security products, and others. The issue arises from underlying memory-corruption flaws in KeyView IDOL, triggered by processing crafted input files, potentially enablin...
CVE-2017-6326
CVE-2017-6326 affects Symantec Messaging Gateway. A command injection vulnerability allows an authenticated user to execute arbitrary OS commands on the web server (root context) via the backupNow.do flow due to insufficient input validation. Affected: SMG 10.x before 10.6.3-266 (per SYM17-004). ...
CVE-2019-9699
CVE-2019-9699 affects Symantec Messaging Gateway (SMG) 10.x prior to 10.7.0. The issue is an information-disclosure vulnerability that could allow unauthorized data access. Remediation is to upgrade to SMG version 10.7.0 (per vendor advisories). Several connected sources confirm the affected prod...
CVE-2012-0308
Summary (CVE-2012-0308): Symantec Messaging Gateway (SMG) prior to version 10.0 is vulnerable to a Cross-Site Request Forgery (CSRF) that can hijack the authentication of administrators. The issue stems from insufficient input validation, enabling a remote attacker to entice a logged-in admin to ...
CVE-2022-25629
CVE-2022-25629 affects Broadcom Symantec Messaging Gateway (SMG) prior to version 10.8. An authenticated user with the ability to add/edit annotations on the Content tab can craft a malicious annotation that is executed on the annotations page (Annotation Text Column). The vulnerability is descri...
CVE-2012-3579
Symantec Messaging Gateway (SMG) versions before 10.0 are vulnerable to CVE-2012-3579 due to a hardcoded default SSH password on the support account, enabling remote login and privileged access via SSH. The issue is documented across multiple sources (SAINT advisories and OpenVAS/Nessus reference...
CVE-2022-25630
Broadcom Symantec Messaging Gateway is affected by CVE-2022-25630, a stored XSS vulnerability exploitable by an authenticated user on the admin group policy page. Public details describe an authenticated user injecting payloads via the AdminGroupPolicyFlow$save.flo endpoint, with the issue enabli...
CVE-2016-5312
CVE-2016-5312 affects Symantec Messaging Gateway prior to 10.6.2. A directory traversal vulnerability exists in the charting component’s ChartStream sn parameter, allowing authenticated remote users to read arbitrary files by supplying a .. sequence. Multiple connected sources describe a file-dis...
CVE-2016-2203
CVE-2016-2203 affects Symantec Messaging Gateway (SMG) Appliance prior to 10.6.1. The management console stores or exposes an encrypted AD password in a way that allows a local attacker with read privileges to recover the LDAP credentials. Impact: local disclosure of AD password with high confide...
CVE-2014-1648
CVE-2014-1648 is a reflected XSS in Symantec Messaging Gateway 10.x prior to 10.5.2. The vulnerability resides in the management console’s brightmail/setting/compliance/DlpConnectFlow$view.flo component, exploitable via the displayTab parameter to inject arbitrary script/HTML in a user’s browser....
CVE-2016-5309
CVE-2016-5309 is a DoS in the RAR file parser of Symantec’s decomposer engines across multiple products (ATP/NS/SEPs/SPE/SMG family). The root cause is an out-of-bounds read during RAR decompression, allowing remote attackers to crash affected applications via specially crafted RAR files. A close...
CVE-2016-5310
CVE-2016-5310 covers a denial-of-service memory-corruption issue in the RAR file parser/decompressor across Symantec products (ATP, various SEP variants, SPE, SMSG, SMSDOM, SPSS, SMSMSE, SEPC, SEPC, etc.). The root cause is mishandling of crafted RAR archives in the decompression path, leading to...
CVE-2017-6325
CVE-2017-6325 refers to a file inclusion vulnerability in Symantec Messaging Gateway . The authenticated, remote attacker can exploit a flaw in how the application builds a path to executable code using attacker-controlled input, allowing inclusion of arbitrary files already present on the host, ...
CVE-2012-3580
Symantec Messaging Gateway (SMG) prior to version 10.0 is affected by CVE-2012-3580, where remote authenticated users who have access to the management interface can modify the web application. The root cause is described as a web application modification issue that can be exploited by an authent...
CVE-2017-15532
CVE-2017-15532 affects Symantec Messaging Gateway prior to version 10.6.4, exposing a directory traversal flaw in the product’s handling of input that allows access to files outside the web root. The root cause is an improper validation/manipulation of variables used in file operations within the...
CVE-2019-18377
Symantec Messaging Gateway (SMG) versions prior to 10.7.3 are affected by a privilege-escalation vulnerability (CVE-2019-18377). The issue allows an attacker to gain elevated access within the affected SMG deployment. References from multiple sources (including Symantec’s advisory and CNVD/Red Ha...
CVE-2018-12243
Symantec Messaging Gateway (SMG) versions prior to 10.6.6 are vulnerable to an XML external entity (XXE) flaw (CVE-2018-12243). The issue arises from a weakly configured XML parser that can process XML input containing external entity references, enabling access to files via file:// URIs or relat...
CVE-2012-4347
Symantec Messaging Gateway (SMG) 9.5.x exposes multiple directory traversal vulnerabilities in its management console. The issues allow remote authenticated users to read arbitrary files by manipulating the logFile parameter (logs action to brightmail/export) or the localBackupFileSelection param...
CVE-2017-6324
Summary of CVE-2017-6324 (Symantec Messaging Gateway) : A security feature bypass vulnerability exists in SMG when handling a specific Word attachment with macros, allowing bypass of the administrator-enabled disarm functionality. This is documented by multiple sources (NVD entry and vendor/Nessu...
CVE-2019-18378
Symantec Messaging Gateway (SMG) versions prior to 10.7.3 are affected by CVE-2019-18378, a cross-site scripting (XSS) vulnerability caused by improper sanitization of user-supplied input. An unauthenticated attacker could entice a user to click a crafted URL to execute arbitrary script in the vi...
CVE-2019-18379
CVE-2019-18379 affects Symantec Messaging Gateway (SMG) versions prior to 10.7.3. The issue is a server-side request forgery (SSRF) that could allow the backend server to send crafted requests or access services via the loopback interface. Impact is described as enabling unauthorized internal req...
CVE-2018-12242
CVE-2018-12242 affects Symantec Messaging Gateway prior to version 10.6.6, enabling an authentication bypass that could let an attacker circumvent security controls and gain access to the system or network. Public sources in the provided documents corroborate an authentication bypass for SMG befo...
CVE-2012-0307
CVE-2012-0307 affects Symantec Messaging Gateway (SMG) prior to version 10.0. The vulnerability class is multiple cross-site scripting (XSS) issues, allowing remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. The public references describe XSS in th...
CVE-2016-2204
Consolidated details for CVE-2016-2204 (and related CVE-2016-2203) in Symantec Messaging Gateway (SMG) Appliance: The SMG 10.x management console before 10.6.1 is affected by local privilege escalation. Specifically, CVE-2016-2204 allows a local attacker to gain a root shell in the console by man...
CVE-2012-3581
Symantec Messaging Gateway (SMG) before 10.0 suffers an Information Disclosure vulnerability (CVE-2012-3581) that allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Exploitation status is not detailed in the provided documents. Re...