Full Disclosure mailing list archives
Symantec Messaging Gateway <= 10.6.1 Directory Traversal
From: Rio Sherri <rio.sherri () fshnstudent info>
Date: Wed, 28 Sep 2016 08:52:25 +0200
# Title : Symantec Messaging Gateway <= 10.6.1 Directory Traversal # Date : 28/09/2016 # Author : R-73eN # Tested on : Symantec Messaging Gateway 10.6.1 (Latest) # Software : https://www.symantec.com/products/threat-protection/messaging-gateway # Vendor : Symantec # CVE : CVE-2016-5312 # DESCRIPTION: # A charting component in the Symantec Messaging Gateway control center does not properly sanitize user input submitted for charting requests. # This could potentially result in an authorized but less privileged user gaining access to paths outside the authorized directory. # This could potentially provide read access to some files/directories on the server for which the user is not authorized.
Attachment:
vulnerability.txt
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Symantec Messaging Gateway <= 10.6.1 Directory Traversal Rio Sherri (Sep 28)