Vulnerabilities > Symantec > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-29 | CVE-2012-3579 | Permissions, Privileges, and Access Controls vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | 7.9 |
2012-08-07 | CVE-2012-4178 | SQL Injection vulnerability in Symantec web Gateway 5.0.3.18 SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. | 7.5 |
2012-07-23 | CVE-2012-2961 | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-07-23 | CVE-2012-2957 | Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue. | 7.2 |
2012-07-23 | CVE-2012-2574 | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue. | 7.5 |
2012-05-23 | CVE-2012-0289 | Buffer Errors vulnerability in Symantec Endpoint Protection and Network Access Control Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script. | 7.2 |
2011-10-02 | CVE-2011-0554 | Code Injection vulnerability in Symantec IM Manager The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." | 7.5 |
2011-10-02 | CVE-2011-0553 | SQL Injection vulnerability in Symantec IM Manager SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-07-11 | CVE-2011-0549 | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2011-02-02 | CVE-2010-3719 | Code Injection vulnerability in Symantec IM Manager Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method. | 8.5 |