Computer Security

Symantec WebGateway security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Symantec WebGateway security vulnerabilities
Published:13.06.2012
Source:BUGTRAQ
SecurityVulns ID:12416
Type:remote
Level:6/10
Description:Code execution, unfiltered shell characters.
Affected:SYMANTEC : Symantec Web Gateway 5.0
CVE:CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.)
 CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.)
Original documentdocumentZDI, ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability (13.06.2012)
Discuss:Read or add your comments to this news (1 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru