Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Messaging_gateway
(Symantec)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 25 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-04-14 | CVE-2016-5312 | Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | Messaging_gateway | 6.5 | ||
2016-04-22 | CVE-2016-2204 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | Messaging_gateway | 8.2 | ||
2016-04-22 | CVE-2016-2203 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | Messaging_gateway | 3.3 | ||
2014-04-23 | CVE-2014-1648 | Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. | Messaging_gateway | N/A | ||
2012-12-05 | CVE-2012-4347 | Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. | Messaging_gateway | N/A | ||
2012-08-29 | CVE-2012-3581 | Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | Messaging_gateway | N/A | ||
2012-08-29 | CVE-2012-3580 | Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. | Messaging_gateway | N/A | ||
2012-08-29 | CVE-2012-3579 | Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | Messaging_gateway | N/A | ||
2012-08-29 | CVE-2012-0308 | Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | Messaging_gateway | N/A | ||
2012-08-29 | CVE-2012-0307 | Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. | Messaging_gateway | N/A |