CVE-2012-4348
https://notcve.org/view.php?id=CVE-2012-4348
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. La consola de administración de Symantec Endpoint Protection (SEP) v11.0 antes de RU7-MP3 y v12.1 antes de RU2 y Symantec Endpoint Protection Small Business Edition v12.x antes de v12.1 RU2, no valida correctamente la entrada para secuencias de comandos PHP, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/56846 http://www.securitytracker.com/id?1027863 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00 • CWE-20: Improper Input Validation •
CVE-2012-4953
https://notcve.org/view.php?id=CVE-2012-4953
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. El motor de descomposición en Symantec Endpoint Protection (SEP) v11.0, Symantec Endpoint Protection Small Business Edition v12.0, Symantec AntiVirus Corporate Edition (SAVCE) v10.x y Symantec Scan Engine (ESE) antes de v5.2.8 no realiza , de forma adecuada, comprobaciones sobre los límites de los contenidos de los archivos CAB, lo que permite a atacantes remotos provocar una denegación de servicio (por caída de la aplicación) o posiblemente ejecutar código de su elección a través de un archivo modificado. • http://www.kb.cert.org/vuls/id/985625 http://www.securityfocus.com/bid/56399 http://www.securitytracker.com/id?1027726 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-1821
https://notcve.org/view.php?id=CVE-2012-1821
The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. El módulo Network Threat Protection en Manager component en Symantec Endpoint Protection (SEP) v11.0.600x hasta v11.0.700x en Windows Server 2003 permite a atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) a través de una inundación de paquetes automatizados. • http://osvdb.org/82147 http://secunia.com/advisories/49221 http://www.kb.cert.org/vuls/id/149070 http://www.securityfocus.com/bid/50358 http://www.securitytracker.com/id?1027092 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_00 •
CVE-2012-0295
https://notcve.org/view.php?id=CVE-2012-0295
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. El servicio The Manager de la consola de administración de Symantec Endpoint Protection (SEP) v12.1 anterior a 12.1 RU1-MP1 permite a atacantes remotos realizar ataques de inserción de archivos y ejecutar código arbitrario mediante el aprovechamiento de la explotación de CVE-2012-0294. • http://www.securityfocus.com/bid/53183 http://www.securityfocus.com/bid/53184 http://www.securitytracker.com/id?1027093 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-0294
https://notcve.org/view.php?id=CVE-2012-0294
Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. Vulnerabilidad de salto de directorio en el Servicio Manager en la consola de administracion en Symantec Endpoint Protection (SEP) v12.1 anterior a v12.1 RU1-MP1 permite a atacantes remotos eliminar ficheros mediante vectores desconocidos. • http://www.securityfocus.com/bid/53182 http://www.securitytracker.com/id?1027093 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •