Vulnerabilities > Symantec > High

DATE CVE VULNERABILITY TITLE RISK
2012-08-29 CVE-2012-3579 Permissions, Privileges, and Access Controls vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
7.9
2012-08-07 CVE-2012-4178 SQL Injection vulnerability in Symantec web Gateway 5.0.3.18
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
network
low complexity
symantec CWE-89
7.5
2012-07-23 CVE-2012-2961 SQL Injection vulnerability in Symantec web Gateway
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
symantec CWE-89
7.5
2012-07-23 CVE-2012-2957 Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
local
low complexity
symantec CWE-264
7.2
2012-07-23 CVE-2012-2574 SQL Injection vulnerability in Symantec web Gateway
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
network
low complexity
symantec CWE-89
7.5
2012-05-23 CVE-2012-0289 Buffer Errors vulnerability in Symantec Endpoint Protection and Network Access Control
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
local
low complexity
symantec CWE-119
7.2
2011-10-02 CVE-2011-0554 Code Injection vulnerability in Symantec IM Manager
The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue."
network
low complexity
symantec CWE-94
7.5
2011-10-02 CVE-2011-0553 SQL Injection vulnerability in Symantec IM Manager
SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
symantec CWE-89
7.5
2011-07-11 CVE-2011-0549 SQL Injection vulnerability in Symantec web Gateway
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
network
low complexity
symantec CWE-89
7.5
2011-02-02 CVE-2010-3719 Code Injection vulnerability in Symantec IM Manager
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.
network
symantec CWE-94
8.5