lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKvdgaMoqENVeD9a66SLvV756nf_kFTnZDebNb72kHKUy9LtjA@mail.gmail.com>
Date: Wed, 28 Sep 2016 08:52:25 +0200
From: Rio Sherri <rio.sherri@...nstudent.info>
To: fulldisclosure <fulldisclosure@...lists.org>
Subject: [FD] Symantec Messaging Gateway <= 10.6.1 Directory Traversal

# Title : Symantec Messaging Gateway <= 10.6.1 Directory Traversal
# Date : 28/09/2016
# Author : R-73eN
# Tested on : Symantec Messaging Gateway 10.6.1 (Latest)
# Software :
https://www.symantec.com/products/threat-protection/messaging-gateway
# Vendor : Symantec
# CVE : CVE-2016-5312
# DESCRIPTION:
# A charting component in the Symantec Messaging Gateway control center
does not properly sanitize user input submitted for charting requests.
# This could potentially result in an authorized but less privileged user
gaining access to paths outside the authorized directory.
# This could potentially provide read access to some files/directories on
the server for which the user is not authorized.

View attachment "vulnerability.txt" of type "text/plain" (2643 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ