Symantec : Security Vulnerabilities, CVEs, Published In 2012
CVE-2012-4347
Public exploit
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
Max CVSS
5.0
EPSS Score
90.96%
Published
2012-12-05
Updated
2013-10-11
CVE-2012-3579
Public exploit
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
Max CVSS
7.9
EPSS Score
17.13%
Published
2012-08-29
Updated
2017-08-29
CVE-2012-2953
Public exploit
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
Max CVSS
10.0
EPSS Score
95.94%
Published
2012-07-23
Updated
2017-12-22
CVE-2012-0299
Public exploit
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
Max CVSS
10.0
EPSS Score
96.99%
Published
2012-05-21
Updated
2017-12-05
CVE-2012-0297
Public exploit
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Max CVSS
10.0
EPSS Score
97.35%
Published
2012-05-21
Updated
2017-12-05
5 vulnerabilities found