Page 2 of 10 results (0.006 seconds)

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 1

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. La webui ajaxswing en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuarios remotos autenticados obtener información del servidor sensible a través de vectores no especificados. Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities. • https://www.exploit-db.com/exploits/35915 http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html http://seclists.org/fulldisclosure/2015/Jan/91 http://www.securityfocus.com/archive/1/534527/100/0/threaded http://www.securityfocus.com/bid/72094 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la WebUI ajaxswing en el servidor Management Console en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través 6.0 MP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities. • https://www.exploit-db.com/exploits/35915 http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html http://seclists.org/fulldisclosure/2015/Jan/91 http://www.securityfocus.com/archive/1/534527/100/0/threaded http://www.securityfocus.com/bid/72093 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. Vulnerabilidad de inyección SQL en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x anterior a 6.0 MP1 permite usuarios remotos autenticados ejecutar comandos arbitrarios SQL a través de peticiones HTTP modificadas. Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities. • https://www.exploit-db.com/exploits/35915 http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html http://seclists.org/fulldisclosure/2015/Jan/91 http://www.securityfocus.com/archive/1/534527/100/0/threaded http://www.securityfocus.com/bid/72092 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. La interfaz de control de agente en el servidor de administración en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x anterior a 6.0 MP1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios mediante el aprovechamiento del sistema de acceso de cliente para cargar un fichero de log. • http://seclists.org/fulldisclosure/2015/May/39 http://www.securityfocus.com/bid/72091 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00 • CWE-20: Improper Input Validation •

CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. Symantec Critical System Protection (SCSP) anterior a 5.2.9, cuando se instala en una plataforma R2 de Windows Server 2003 sin parches , permite a atacantes remotos evadir configuraciones de política a través de vectores no especificados. • http://www.securityfocus.com/bid/67161 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00 • CWE-264: Permissions, Privileges, and Access Controls •