what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Symantec Messaging Gateway 10.6.1 Directory Traversal
Posted Sep 28, 2016
Authored by R-73eN

Symantec Messaging Gateway versions 10.6.1 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-5312
MD5 | 474ec2043b4af5d87097d9a795722eb7

Related Files

IBM WebSphere MQ File Transfer Edition Web Gateway CSRF
Posted Aug 13, 2012
Authored by Nir Valtman

IBM WebSphere MQ File Transfer Edition Web Gateway suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2012-3294
MD5 | 00eb8d50107aa9470e32b9e750dd32b2
Secunia Security Advisory 50140
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Citrix Access Gateway, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and conduct spoofing attacks.

tags | advisory, spoof, vulnerability
MD5 | 1725ad614372eb9ff53a61545fbb57fc
Citrix Access Gateway Plug-in For Windows nsepacom Buffer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. Successful exploitation allows execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2592
MD5 | 1bc295b946271ecd2579f8f939622ef7
Citrix Access Gateway Plug-in For Windows nsepacom Integer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2593
MD5 | d7652baa48d94a73aa28dc3115aece5e
Secunia Security Advisory 45299
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | windows
MD5 | f1c22fc10d8fc23b66e14423c28db7ef
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Posted Jul 31, 2012
Authored by @_Kc57

Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection vulnerability in deptUploads_data.php.

tags | exploit, remote, web, php, sql injection
MD5 | 1bc2a5f03b833e0929539f4990414fe8
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), thus results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
MD5 | 6db1963cdf4c5a50a1d78eaf7ea6ef43
Symantec Web Gateway 5.0.3.18 LFI / Command Execution
Posted Jul 24, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 local file inclusion remote root command execution exploit.

tags | exploit, remote, web, local, root, file inclusion
advisories | CVE-2012-2957
MD5 | 597864b221c121259142f0293324e8ff
Symantec Web Gateway 5.0.2 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2574
MD5 | 24d7a90be5ce185dacd90c3230dd3739
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2961
MD5 | e17186f788a1aa28c81caa291ae9db30
Secunia Security Advisory 50031
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Web Gateway, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.

tags | advisory, web, local, vulnerability, sql injection
MD5 | 853f41660dfb058d628cbd0b9d1d6392
TP Link Gateway 3.12.4 Cross Site Scripting
Posted Jul 12, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

TP Link Gateway version 3.12.4 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 5cdee71458b78ec56a76fed8607d1639
Symantec Web Gateway 5.0.28 LFI / Code Execution
Posted Jun 27, 2012
Authored by S2 Crew

Symantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities.

tags | exploit, remote, web, arbitrary, local, vulnerability, file inclusion
advisories | CVE-2012-0297, CVE-2012-0298
MD5 | b5a0fa25914470ab74588c79b9e885f5
Astaro Security Gateway Cross Site Scripting
Posted Jun 12, 2012
Authored by Julien Ahrens

Astaro Security Gateway suffers from a backup related cross site scripting vulnerability. Version 8.304 is affected.

tags | advisory, xss
advisories | CVE-2012-3238
MD5 | ea9e06da089620a616f5106692cb021d
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.

tags | exploit, web, arbitrary, php, code execution, file upload
advisories | CVE-2012-0299, OSVDB-82025
MD5 | be446e25ec745719bc33f2dda2461791
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.

tags | exploit, web, arbitrary, php
advisories | CVE-2012-0297
MD5 | 8ce5defd93f1d99d9d00f93ecad020aa
Zero Day Initiative Advisory 12-091
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while preserving the file extension. This allows users to upload additional script files that can be used to execute remote code from user supplied commands under the context of the webserver.

tags | advisory, remote, web, arbitrary
advisories | CVE-2012-0299
MD5 | 7e0eabccbe8dc17d2aa2f1658b487388
Zero Day Initiative Advisory 12-090
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. There is also a flaw in '/spywall/download_file.php' that allows unauthenticated users to download and delete any file on the server.

tags | advisory, remote, web, arbitrary, php
advisories | CVE-2012-0297
MD5 | 679f1f3e9db547125dbd6b0159ecbe4d
Symantec Web Gateway 5.0.2.8 Command Execution
Posted May 28, 2012
Authored by unknown, muts, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.

tags | exploit, remote, web, shell, php, code execution
advisories | CVE-2012-0297
MD5 | 23de61f5a2711a069a0ccdd35f1b4230
Symantec Web Gateway 5.0.2 Local File Inclusion
Posted May 26, 2012
Authored by muts

Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.

tags | exploit, remote, web, local, root, file inclusion
advisories | CVE-2012-0297
MD5 | e1cd70ed9ddc7db0a7bc45a9ac537159
Secunia Security Advisory 49216
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Web Gateway, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, manipulate certain data, and compromise a vulnerable system.

tags | advisory, web, vulnerability, xss
MD5 | 79ff029012a6858c3de7243b1690abca
Secunia Security Advisory 49064
Posted May 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Symantec Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
MD5 | 7d40447471f7ed779bd47c7137e8d882
Symantec Web Gateway Cross Site Scripting
Posted May 6, 2012
Authored by B00y@

Symantec Web Gateway suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 95d16b9c1093fb7e4c3860aeee4e9e99
McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
Posted Apr 13, 2012
Authored by Gabriel Menezes Nunes

McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.

tags | exploit, web, proof of concept, bypass
systems | unix
advisories | CVE-2012-2212, CVE-2012-2213
MD5 | 2a72aa39ac2270394d6cad78bd6d074a
Telco SMTP To SMS/MMS Crypto
Posted Apr 13, 2012
Authored by Champ Clark III

Many people use telecommunications provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into encryption (or lack of) covered by these types of public access SMTP to SMS/MMS gateways and services.

tags | paper
MD5 | c29898edd3a98bd1b649f060126d2bfe
Page 1 of 4
Back1234Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close