Symantec : Security Vulnerabilities, CVEs, Published In 2012

CVE-2012-4347

Public exploit
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
Max CVSS
5.0
EPSS Score
90.96%
Published
2012-12-05
Updated
2013-10-11

CVE-2012-3579

Public exploit
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
Max CVSS
7.9
EPSS Score
17.13%
Published
2012-08-29
Updated
2017-08-29

CVE-2012-2953

Public exploit
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
Max CVSS
10.0
EPSS Score
95.94%
Published
2012-07-23
Updated
2017-12-22

CVE-2012-0299

Public exploit
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
Max CVSS
10.0
EPSS Score
96.99%
Published
2012-05-21
Updated
2017-12-05

CVE-2012-0297

Public exploit
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Max CVSS
10.0
EPSS Score
97.35%
Published
2012-05-21
Updated
2017-12-05
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close