漏洞描述
【漏洞对象】Symantec Messaging Gateway 【涉及版本】10.6.2之前的版本 【漏洞描述】 Symantec MessagingGateway controlcenter中的图表组件无法正确清理为图表请求提交的用户输入。这可能会导致授权但特权较低的用户获得对授权目录以外路径的访问权限。这可能会提供对服务器上未经用户授权的某些文件/目录的读取权限。
Symantec Messaging Gateway 10.6.1-目录遍历(CVE-2016-5312)
PoC代码
暂无相关漏洞推荐
- (CVE-2025-15010)腾达WH450 1.0.0.18 /goform/SafeUrlFilter栈缓冲区溢出漏洞
- (CVE-2023-53878)Member Login Script 3.3客户端去同步漏洞
- POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
- POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
- POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
- POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- (CVE-2025-56107)Ruijie RG-BCR RG-BCR600W OS命令注入漏洞
- POC CVE-2017-5983: JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2022-31101: Prestashop Blockwishlist 2.1.0 SQL Injection
- POC CVE-2023-3277: MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
- POC CVE-2023-38875: PHP Login System 2.0.1 - Cross-Site Scripting