Lucene search
K
SymantecWeb Gateway

35 matches found

CVE
CVE
added 2012/07/23 5:0 p.m.141 views

CVE-2012-2961

The CVE-2012-2961 issue affects Symantec Web Gateway, specifically the management console. A SQL injection vulnerability in the gateway’s web interface (notably via search.php and related DB utilities) allowed remote, unauthenticated attackers to execute arbitrary SQL against the backend database...

7.5CVSS8.4AI score0.02455EPSS
CVE
CVE
added 2012/05/21 8:0 p.m.140 views

CVE-2012-0299

CVE-2012-0299 affects Symantec Web Gateway 5.0.x (pre-5.0.3) where file-management scripts in the management GUI allow remote upload of arbitrary code to a designated pathname, potentially enabling remote code execution. This is evidenced by multiple sources in the connected data, including NVD d...

10CVSS7.3AI score0.64061EPSS
CVE
CVE
added 2012/07/23 5:0 p.m.140 views

CVE-2012-2953

Symantec Web Gateway 5.0.x prior to 5.0.3.18 contains a remote command injection vulnerability in pbcontrol.php (pbcontrol/api handling). Input to pbcontrol.php can be unsafely passed to an exec() path, enabling remote code execution with web server privileges. The CVE is CVE-2012-2953. Public re...

10CVSS7.5AI score0.67389EPSS
CVE
CVE
added 2012/05/21 8:0 p.m.138 views

CVE-2012-0297

Symantec Web Gateway 5.0.x (pre-5.0.3) exposes a remote command injection/remote code execution vulnerability in the HTTP service (spywall/ipchange.php and related endpoints). The core issue is improper input handling and insecure usage of server-side scripts that allows an attacker to inject or ...

10CVSS7.5AI score0.72596EPSS
In wild
CVE
CVE
added 2012/05/21 8:0 p.m.132 views

CVE-2012-0296

Affected product/versions: Symantec Web Gateway 5.0.x (before 5.0.3). Vulnerability type: multiple cross-site scripting (XSS) in the management GUI. Root cause/factors: unsanitized/insufficient input validation in the web interface (e.g., timer.php l parameter). Impact: remote attacker could inje...

4.3CVSS5.7AI score0.01627EPSS
CVE
CVE
added 2012/07/23 5:0 p.m.129 views

CVE-2012-2574

Symantec Web Gateway 5.0.x is affected by CVE-2012-2574 (blind SQL injection) in the management console, enabling remote execution of arbitrary SQL commands and access to the backend database. Affected versions are before 5.0.3.18; remediation per advisories is to apply the update to 5.0.3.18 or ...

7.5CVSS8.4AI score0.01229EPSS
CVE
CVE
added 2013/07/31 3:0 p.m.88 views

CVE-2013-1616

CVE-2013-1616 affects the Symantec Web Gateway (SWG) before 5.1.1. Multiple vulnerabilities exist, including an OS command injection that can be executed via authenticated inputs in scripts such as nameConfig.php and networkConfig.php, enabling commands with the Apache user privileges. Additional...

8.3CVSS7.6AI score0.10747EPSS
CVE
CVE
added 2013/07/31 3:0 p.m.82 views

CVE-2013-1617

Symantec Web Gateway (SWG) appliance vulnerable to multiple SQL injection flaws in the management console prior to version 5.1.1. These flaws allow an authenticated administrator to issue arbitrary SQL commands via unspecified vectors. ASEC/SEC Consult advisory confirms affected versions up to 5....

7.4CVSS8.1AI score0.07348EPSS
CVE
CVE
added 2013/07/31 3:0 p.m.67 views

CVE-2013-4670

Summary (concrete): CVE-2013-4670 refers to multiple XSS vulnerabilities in the Symantec Web Gateway (SWG) management console prior to version 5.1.1. The issue arises in the SWG admin UI, with attackers able to inject arbitrary script/HTML via unspecified vectors. Exploitation details are discuss...

4.3CVSS5.6AI score0.03673EPSS
CVE
CVE
added 2013/07/31 3:0 p.m.65 views

CVE-2013-4672

Symantec Web Gateway (SWG)

7.2CVSS6.1AI score0.01108EPSS
CVE
CVE
added 2014/12/17 4:0 p.m.63 views

CVE-2014-7285

CVE-2014-7285 affects Symantec Web Gateway (SWG) appliances running versions prior to 5.2.2. The vulnerability is an authenticated OS command injection in the management console, due to improper input validation in PHP scripts (notably potentially in restore-related functionality). An authenticat...

6.5CVSS8.8AI score0.50324EPSS
CVE
CVE
added 2017/04/14 6:0 p.m.63 views

CVE-2016-5309

CVE-2016-5309 is a DoS in the RAR file parser of Symantec’s decomposer engines across multiple products (ATP/NS/SEPs/SPE/SMG family). The root cause is an out-of-bounds read during RAR decompression, allowing remote attackers to crash affected applications via specially crafted RAR files. A close...

5.5CVSS5.1AI score0.06877EPSS
CVE
CVE
added 2011/01/14 10:0 p.m.62 views

CVE-2010-0115

Symantec Web Gateway 4.5 (before 4.5.0.376) contains a SQL injection in login.php’s USERNAME parameter in the GUI management console. The vulnerability allows remote attackers to inject arbitrary SQL into backend queries, potentially affecting data confidentiality, integrity, and availability. So...

7.5CVSS8.6AI score0.02364EPSS
CVE
CVE
added 2017/04/14 6:0 p.m.62 views

CVE-2016-5310

CVE-2016-5310 covers a denial-of-service memory-corruption issue in the RAR file parser/decompressor across Symantec products (ATP, various SEP variants, SPE, SMSG, SMSDOM, SPSS, SMSMSE, SEPC, SEPC, etc.). The root cause is mishandling of crafted RAR archives in the decompression path, leading to...

5.5CVSS5.1AI score0.05307EPSS
CVE
CVE
added 2015/09/20 8:0 p.m.60 views

CVE-2015-5693

Symantec Web Gateway (SWG) appliances running before 5.2.2 with database 5.0.0.1277 are affected by CVE-2015-5693 (Traffic Capture EoP). The vulnerability is tied to the hostname/configuration processing path that allows an authenticated, remote attacker to inject commands executed with root priv...

7.9CVSS7.3AI score0.0402EPSS
CVE
CVE
added 2012/05/21 8:0 p.m.59 views

CVE-2012-0298

CVE-2012-0298 affects Symantec Web Gateway before 5.0.3. The management GUI file-management scripts allow remote attackers to read or delete arbitrary files via directory traversal vectors (noted for the relfile parameter). Affected product/version: Symantec Web Gateway 5.0.x up to 5.0.2.x. Impac...

6.4CVSS6.7AI score0.09437EPSS
CVE
CVE
added 2013/07/31 3:0 p.m.57 views

CVE-2013-4671

Symantec Web Gateway (SWG) is affected by CVE-2013-4671, a CSRF vulnerability in the management console present before version 5.1.1. The issue allows an authenticated remote user to hijack the authentication of unspecified victims via unknown vectors, enabling potential unauthorized actions with...

6CVSS6.6AI score0.02055EPSS
CVE
CVE
added 2015/09/20 8:0 p.m.57 views

CVE-2015-6548

CVE-2015-6548 is part of multiple vulnerabilities affecting Symantec Web Gateway (SWG) management console on appliances running software before 5.2.2 with DB 5.0.0.1277. The connected documents confirm a concrete SQL injection issue in the edit_alert.php script that allows an authenticated, remot...

5.8CVSS8.3AI score0.01801EPSS
CVE
CVE
added 2011/07/11 8:0 p.m.56 views

CVE-2011-0549

Concretely, CVE-2011-0549 affects Symantec Web Gateway 4.5.x, where the forget.php management interface passes the username parameter unfiltered, enabling remote SQL injection. The vulnerability allows an unauthenticated attacker to manipulate the backend database; CVSSv2 is 7.5 (HIGH). Vendor ad...

7.5CVSS8.5AI score0.02237EPSS
CVE
CVE
added 2012/07/23 5:0 p.m.56 views

CVE-2012-2957

Symantec Web Gateway 5.0.x (pre-5.0.3.18) contains a local file inclusion vulnerability that allows privilege escalation by modifying local files in the management console. Affected product versions are before 5.0.3.18; remediation is to apply the vendor update/patch to 5.0.3.18 or newer per the ...

7.2CVSS6.4AI score0.59287EPSS
CVE
CVE
added 2014/02/11 2:0 a.m.54 views

CVE-2013-5013

Symantec Web Gateway (SWG) management console contains cross‑site scripting (XSS) vulnerabilities tracked as CVE‑2013‑5013. Public sources indicate SWG

4.3CVSS5.8AI score0.02009EPSS
CVE
CVE
added 2014/06/18 7:0 p.m.53 views

CVE-2014-1650

CVE-2014-1650 : Symantec Web Gateway (SWG) management console contains a SQL injection in the file user.php prior to version 5.2.1. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. The issue is addressed in SWG 5.2.1, which should be d...

5.2CVSS9.4AI score0.0136EPSS
CVE
CVE
added 2013/07/31 3:0 p.m.52 views

CVE-2013-4673

The CVE-2013-4673 issue affects Symantec Web Gateway (SWG) prior to version 5.1.1 where the management console’s RADIUS authentication is not properly implemented, allowing remote attackers with access to the login prompt to execute arbitrary code. Connected advisories confirm the root cause as a...

5.8CVSS7.9AI score0.01294EPSS
CVE
CVE
added 2015/09/20 8:0 p.m.52 views

CVE-2015-5691

The CVE-2015-5691 issue affects Symantec Web Gateway (SWG) management console on SWG appliances prior to version 5.2.2 with DB 5.0.0.1277, where PHP-based management-console scripts (notably admin_messages.php) are vulnerable to reflected XSS that can cause arbitrary script execution in a user’s ...

4.3CVSS5.9AI score0.02166EPSS
CVE
CVE
added 2014/06/18 7:0 p.m.51 views

CVE-2013-5017

Symantec Web Gateway (SWG) prior to 5.2.1 is affected by CVE-2013-5017 due to a command injection vulnerability in SNMPConfig.php that can lead to remote code execution. The issue is described across multiple sources as affecting the management console and enabling arbitrary command execution, po...

9.8CVSS9.7AI score0.06958EPSS
CVE
CVE
added 2014/06/18 7:0 p.m.51 views

CVE-2014-1652

Symantec Web Gateway (SWG) management console prior to 5.2 is affected by CVE-2014-1652: multiple cross-site scripting vulnerabilities allow remote authenticated users to inject script via unspecified report parameters (e.g., entSummary.php, custom_report.php, host_spy_report.php, repairedclients...

2.3CVSS7.4AI score0.01702EPSS
CVE
CVE
added 2012/07/23 5:0 p.m.49 views

CVE-2012-2977

CVE-2012-2977 affects Symantec Web Gateway 5.0.x up to but not including 5.0.3.18. The vulnerability allows remote attackers to change arbitrary passwords via crafted input to an application script in the management console. Documented references include NVD entry and multiple third-party advisor...

5CVSS6.8AI score0.02782EPSS
CVE
CVE
added 2014/06/18 7:0 p.m.49 views

CVE-2014-1651

CVE-2014-1651 affects Symantec Web Gateway (SWG) management console: SQL injection in clientreport.php allows a remote attacker to execute arbitrary SQL commands before version 5.2. The issue is tied to improper input handling (hostname parameter). Remediation per SYM14-010 is to upgrade to SWG 5...

5.8CVSS9.7AI score0.01976EPSS
CVE
CVE
added 2015/09/20 8:0 p.m.49 views

CVE-2015-5690

Symantec Web Gateway (SWG) management console prior to SWG 5.2.2 / DB 5.0.0.1277 is affected by CVE-2015-5690: a redirect bypass allows an authenticated remote user to bypass access controls and execute arbitrary commands. ZDI confirms a path-processing flaw enabling potential root-level command ...

8.5CVSS7.3AI score0.03505EPSS
CVE
CVE
added 2017/04/12 10:0 p.m.48 views

CVE-2016-5313

Symantec Web Gateway (SWG) is affected by CVE-2016-5313: before version 5.2.5, the management console contains a flaw in the web interface (notably the /spywall/new_whitelist.php script) that allows remote authenticated users to execute arbitrary OS commands due to improper whitelist validation. ...

9CVSS8.6AI score0.04605EPSS
CVE
CVE
added 2015/09/20 8:0 p.m.47 views

CVE-2015-6547

Symantec Web Gateway SWG appliances with software before 5.2.2 DB 5.0.0.1277 are affected by CVE-2015-6547, a Command Injection at Boot Time Elevation of Privilege flaw in the management console. An authenticated remote attacker can inject commands via the hostname configuration, executing them w...

8.3CVSS7.4AI score0.0432EPSS
CVE
CVE
added 2014/02/11 2:0 a.m.45 views

CVE-2013-5012

Symantec Web Gateway (SWG) appliance prior to version 5.2 is affected by SQL injection vulnerabilities in the management console, allowing remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This CVE (CVE-2013-5012) is part of a set of vulnerabilities affecting S...

6.5CVSS8.2AI score0.01515EPSS
CVE
CVE
added 2012/08/07 10:0 p.m.44 views

CVE-2012-4178

The CVE-2012-4178 entry affects Symantec Web Gateway 5.0.3.18, with an SQL injection in spywall/includes/deptUploads_data.php exploitable via the groupid parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) w...

7.5CVSS8.7AI score0.01237EPSS
CVE
CVE
added 2012/07/23 5:0 p.m.43 views

CVE-2012-2976

Symantec Web Gateway is affected by CVE-2012-2976: the management console in 5.0.x up to 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts (injection). Connected sources corroborate a remote command execution/Vulnerabilities in the SYM12...

10CVSS7.7AI score0.05354EPSS
CVE
CVE
added 2015/09/20 8:0 p.m.41 views

CVE-2015-5692

Symantec Web Gateway (SWG) management console prior to SWG 5.2.2 with DB 5.0.0.1277 is affected by CVE-2015-5692. The issue resides in admin_messages.php, where improper sanitization of uploaded files and a weak sudo configuration allow an authenticated attacker to upload a safe file and leverage...

7.9CVSS7.4AI score0.05122EPSS