CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2011-0551
https://notcve.org/view.php?id=CVE-2011-0551
Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. Vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Web Interface en el Endpoint Protection Manager en Symantec Endpoint Protection (SEP) v11.0.600x hasta v11.0.6300, permite a atacantes remotos secuestrar la autenticación de los administradores para las peticiones que crean cuentas administrativas. • http://secunia.com/advisories/43662 http://securitytracker.com/id?1025919 http://www.osvdb.org/74467 http://www.securityfocus.com/bid/49101 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 3%CPEs: 13EXPL: 0CVE-2010-0114 – Symantec Endpoint Protection Manager Reporting Server fw_charts.php Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0114
fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request. fw_charts.php en el módulo de reporte en el componente Manager (también conocido como SEPM) en Symantec Endpoint Protection (SEP) 11.x, en versiones anteriores a la 11 RU6 MP2, permite a atacantes remotos eludir las restricciones establecidas en la generación de reportes, sobreescribir scripts PHP de su elección y ejecutar código de su elección mediante una petición manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the portion of the server that generates reports. Due to the combination of insufficient checks being performed on the application and failure to authenticate a user for generating a chart, an attacker can overwrite arbitrary files on a server. Careful exploitation can lead to code execution under the context of the php interpreter. • http://secunia.com/advisories/42643 http://securitytracker.com/id?1024900 http://www.securityfocus.com/bid/45372 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00 http://www.vupen.com/english/advisories/2010/3252 http://www.zerodayinitiative.com/advisories/ZDI-10-291 https://exchange.xforce.ibmcloud.com/vulnerabilities/64118 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 83%CPEs: 20EXPL: 1CVE-2010-3268
https://notcve.org/view.php?id=CVE-2010-3268
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. La función GetStringAMSHandler en prgxhndl.dll en hndlrsvc.exe en Intel Alert Handler service (conocido como Symantec Intel Handler service) en Intel Alert Management System (AMS), como el usado en Symantec Antivirus Corporate Edition v10.1.4.4010 en Windows 2000 SP4 y Symantec Endpoint Protection anterior v11.x, no valida adecuadamente el campo CommandLine de una petición AMS, lo que permite a atacantes remotos causar una denegación de servicio (caída aplicación) a través de peticiones manipuladas. • http://secunia.com/advisories/42593 http://secunia.com/advisories/43099 http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos http://www.securityfocus.com/archive/1/515191/100/0/threaded http://www.securityfocus.com/bid/45936 http://www.securitytracker.com/id?1024866 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00 http://www.vupen.com/english/advisories/2010/3206 http://www.vu • CWE-20: Improper Input Validation •
CVSS: 1.9EPSS: 0%CPEs: 54EXPL: 0CVE-2010-0106
https://notcve.org/view.php?id=CVE-2010-0106
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources. El escaneo bajo demanda en Symantec AntiVirus v10.0.x y v10.1.x anterior a MR9, AntiVirus v10.2.x, Client Security v3.0.x y v3.1.x anterior a MR9 y Endpoint Protection v11.x, cuando la protección de manipulación está desactivado, permite a atacantes remotos provocar una denegación de servicio (prevención de escaneo bajo demanda) a través de "eventos concretos" que impiden que el usuario tenga acceso de lectura a recursos no especificados. • http://osvdb.org/62414 http://secunia.com/advisories/38653 http://www.securityfocus.com/bid/38219 http://www.securitytracker.com/id?1023621 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_00 http://www.vupen.com/english/advisories/2010/0410 https://exchange.xforce.ibmcloud.com/vulnerabilities/56354 •
CVSS: 10.0EPSS: 46%CPEs: 54EXPL: 1CVE-2010-0108 – Symantec (Multiple Products) - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow
https://notcve.org/view.php?id=CVE-2010-0108
Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function. Desbordamiento de búfer en un control ActiveX en el proxy de cliente de Symantec (CLIproxy.dll) en Symantec AntiVirus v10.0.x, v10.1.x anterior a MR9 y v10.2.x anterior a MR4 y Symantec Client Security v3.0.x y v3.1.x anterior a MR9 podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos relacionados con un proxy. • https://www.exploit-db.com/exploits/33642 http://dsecrg.com/pages/vul/show.php?id=139 http://secunia.com/advisories/38651 http://www.securityfocus.com/archive/1/509681/100/0/threaded http://www.securityfocus.com/bid/38222 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 http://www.vupen.com/english/advisories/2010/0412 https://exchange.xforce.ibmcloud.com/vulnerabilities/56355 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •