CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9230
https://notcve.org/view.php?id=CVE-2014-9230
Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/75288 http://www.securitytracker.com/id/1032710 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 24EXPL: 0CVE-2011-0548
https://notcve.org/view.php?id=CVE-2011-0548
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. Desbordamiento de búfer en Lotus Freelance Graphics PRZ file viewer en Auntonomy KeyView, tal como se utiliza en Symantec Mail Security (SMS) v6.x hasta v8.x, Symantec Brightmail y Messaging Gateway antes de v9.5.1, y Symantec Data Loss Prevention (DLP) antes de v10.5.3 y v11.x antes de v11,1, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección mediante un fichero .prz manipulado. Nota: Esta vulnerabilidad puede solaparse con CVE-2011-1217 • http://secunia.com/advisories/44779 http://securitytracker.com/id?1025594 http://securitytracker.com/id?1025595 http://securitytracker.com/id?1025596 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110531_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 34%CPEs: 70EXPL: 0CVE-2009-3037
https://notcve.org/view.php?id=CVE-2009-3037
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. Desbordamiento de búfer en xlssr.dll en Autonomy KeyView XLS viewer(también conocido como File Viewer para Excel)usado en IBM Lotus Notes v5.x hasta v8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), y otros productos, permite a atacantes remotos ejecutar código a su elección a través de una manipulación de la hoja de cálculo .xls adjunta. • http://secunia.com/advisories/36472 http://secunia.com/advisories/36474 http://www-01.ibm.com/support/docview.wss?uid=swg21396492 http://www.securityfocus.com/bid/36042 http://www.securityfocus.com/bid/36124 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00 http://www.vupen.com/english/advisories/2009/2389 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 67EXPL: 0CVE-2008-4564
https://notcve.org/view.php?id=CVE-2008-4564
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file. Desbordamiento de búfer basado en pila en wp6sr.dll en el Autonomy KeyView SDK 10.4 y anteriores, como es usado en IBM Lotus Notes, productos Symantec Mail Security (SMS), productos Symantec BrightMail Appliance y productos Symantec Data Loss Prevention (DLP) permite a atacantes remotos ejecutar código de su elección mediante un fichero Word Perfect Document (WPD) manipulado. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774 http://osvdb.org/52713 http://secunia.com/advisories/34303 http://secunia.com/advisories/34307 http://secunia.com/advisories/34318 http://secunia.com/advisories/34355 http://securitytracker.com/id?1021856 http://securitytracker.com/id?1021857 http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573 http://www.kb.cert.org/vuls/id/276563 http://www.securityfocus.com/bid/34086 http://www.se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •