Product:

Messaging_gateway

(Symantec)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 25
Date Id Summary Products Score Patch Annotated
2017-04-14 CVE-2016-5312 Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. Messaging_gateway 6.5
2016-04-22 CVE-2016-2204 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. Messaging_gateway 8.2
2016-04-22 CVE-2016-2203 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. Messaging_gateway 3.3
2014-04-23 CVE-2014-1648 Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. Messaging_gateway N/A
2012-12-05 CVE-2012-4347 Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. Messaging_gateway N/A
2012-08-29 CVE-2012-3581 Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Messaging_gateway N/A
2012-08-29 CVE-2012-3580 Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Messaging_gateway N/A
2012-08-29 CVE-2012-3579 Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Messaging_gateway N/A
2012-08-29 CVE-2012-0308 Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Messaging_gateway N/A
2012-08-29 CVE-2012-0307 Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. Messaging_gateway N/A