NotCVE - vendor:"Symantec" product:"Endpoint Protection"

Page 13 of 112 results (0.006 seconds)

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8152

https://notcve.org/view.php?id=CVE-2015-8152

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. Vulnerabilidad de CSRF en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6-MP4 permite a usuarios remotos autenticados secuestrar la autenticación de administradores en peticiones que ejecutan código arbitrario añadiendo líneas a una secuencia de comandos de registro. • http://www.securityfocus.com/bid/84343 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8153

https://notcve.org/view.php?id=CVE-2015-8153

SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6-MP4 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/84354 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-8154

https://notcve.org/view.php?id=CVE-2015-8154

The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." El driver SysPlant.sys en el componente Application and Device Control (ADC) en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a RU6-MP4 permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML manipulado, relacionada con "RWX Permissions". • http://www.securityfocus.com/bid/84344 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6554

https://notcve.org/view.php?id=CVE-2015-6554

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. Symantec Endpoint Protection Manager (SEPM) 12.1 anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar comandos OS arbitrarios a través de datos manipulados. • http://www.securityfocus.com/bid/77494 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6555

https://notcve.org/view.php?id=CVE-2015-6555

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar código Java arbitrario mediante la conexión a la consola del puerto de Java. • http://www.securityfocus.com/bid/77495 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

1...11 12 13 14 15