Computer Security
[EN] securityvulns.ru
no-pyccku

  

Symantec WebGateway security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12416
Type:remote
Threat Level:
6/10
Description:Code execution, unfiltered shell characters.
Affected:SYMANTEC : Symantec Web Gateway 5.0
CVE:CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.)
 CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.)
Original documentdocumentZDI, ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability (13.06.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru