Web Gateway Security Vulnerabilities and Issues — Web Gateway CVE List

Lucene search

SymantecWeb Gateway

11 matches found

CVE•added 2012/05/21 8:55 p.m.•128 views

CVE-2012-0299

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.

10CVSS7.3AI score0.8227EPSS

CVE•added 2012/07/23 5:55 p.m.•127 views

CVE-2012-2961

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.4AI score0.01173EPSS

CVE•added 2012/05/21 8:55 p.m.•122 views

CVE-2012-0297

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

10CVSS7.5AI score0.89461EPSS

CVE•added 2012/07/23 5:55 p.m.•122 views

CVE-2012-2953

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.

10CVSS7.5AI score0.80903EPSS

CVE•added 2012/05/21 8:55 p.m.•121 views

CVE-2012-0296

Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00643EPSS

CVE•added 2012/07/23 5:55 p.m.•114 views

CVE-2012-2574

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.

7.5CVSS8.4AI score0.01077EPSS

CVE•added 2012/05/21 8:55 p.m.•44 views

CVE-2012-0298

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.

6.4CVSS6.7AI score0.10018EPSS

CVE•added 2012/07/23 5:55 p.m.•44 views

CVE-2012-2957

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.

7.2CVSS6.4AI score0.09446EPSS

CVE•added 2012/07/23 5:55 p.m.•38 views

CVE-2012-2977

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.

5CVSS6.8AI score0.08216EPSS

CVE•added 2012/07/23 5:55 p.m.•33 views

CVE-2012-2976

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue.

10CVSS7.7AI score0.04381EPSS

CVE•added 2012/08/07 10:55 p.m.•33 views

CVE-2012-4178

SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.

7.5CVSS8.7AI score0.00736EPSS