6 matches found
CVE-2013-1616
CVE-2013-1616 affects the Symantec Web Gateway (SWG) before 5.1.1. Multiple vulnerabilities exist, including an OS command injection that can be executed via authenticated inputs in scripts such as nameConfig.php and networkConfig.php, enabling commands with the Apache user privileges. Additional...
CVE-2013-1617
Symantec Web Gateway (SWG) appliance vulnerable to multiple SQL injection flaws in the management console prior to version 5.1.1. These flaws allow an authenticated administrator to issue arbitrary SQL commands via unspecified vectors. ASEC/SEC Consult advisory confirms affected versions up to 5....
CVE-2013-4670
Summary (concrete): CVE-2013-4670 refers to multiple XSS vulnerabilities in the Symantec Web Gateway (SWG) management console prior to version 5.1.1. The issue arises in the SWG admin UI, with attackers able to inject arbitrary script/HTML via unspecified vectors. Exploitation details are discuss...
CVE-2013-4672
Symantec Web Gateway (SWG)
CVE-2013-4671
Symantec Web Gateway (SWG) is affected by CVE-2013-4671, a CSRF vulnerability in the management console present before version 5.1.1. The issue allows an authenticated remote user to hijack the authentication of unspecified victims via unknown vectors, enabling potential unauthorized actions with...
CVE-2013-4673
The CVE-2013-4673 issue affects Symantec Web Gateway (SWG) prior to version 5.1.1 where the management console’s RADIUS authentication is not properly implemented, allowing remote attackers with access to the login prompt to execute arbitrary code. Connected advisories confirm the root cause as a...