Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2014-7285

Published: 17/12/2014 Updated: 03/01/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 656
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Web Gateway

Vulnerability Summary

The management console on the Symantec Web Gateway (SWG) appliance prior to 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

symantec web gateway

Exploits

Exploit DB: Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info={}) super(update_info(info, 'Name' ...
Exploit DB: Symantec Web Gateway 5.2.1 OS Command Injection
Symantec Web Gateway versions 521 and below suffer from a remote OS command injection vulnerability ...

Github Repositories

https://github.com/pinkymm/inconsistency_detection

Towards the Detection of Inconsistencies in Public Security Vulnerability Reports

VIEM VIEM (short for Vulnerability Information Extraction Model) is a tool used for automatically extracting vulnerable software names and versions from unstructured reports It combines a Named Entity Recognition (NER) model and a Relation Extraction (RE) model The goal is to enable the possibility to continuously monitor different vulnerability reporting websites and periodi

https://github.com/CongyingXU/inconsistency_detection_tool

try tool

VIEM VIEM (short for Vulnerability Information Extraction Model) is a tool used for automatically extracting vulnerable software names and versions from unstructured reports It combines a Named Entity Recognition (NER) model and a Relation Extraction (RE) model The goal is to enable the possibility to continuously monitor different vulnerability reporting websites and periodi

References

CWE-77http://www.securityfocus.com/bid/71620http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00http://www.exploit-db.com/exploits/36263http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.htmlhttp://karmainsecurity.com/KIS-2014-19http://osvdb.org/show/osvdb/116009http://www.securitytracker.com/id/1031386https://nvd.nist.govhttps://github.com/pinkymm/inconsistency_detectionhttps://www.exploit-db.com/exploits/36263/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook