NotCVE - vendor:"Symantec" product:"Endpoint Protection Manager" version:"

Page 3 of 41 results (0.011 seconds)

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2

CVE-2016-3653 – Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2016-3653

30 Jun 2016 — Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users. Múltiples vulnerabilidades de CSRF en la secuencia de comandos de administración en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permiten a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios. Symantec Endpoint Pro... • https://packetstorm.news/files/id/137713 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2016-5304 – Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2016-5304

30 Jun 2016 — Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en un componente del informe de enrutamiento en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados redirigir usuarios a páginas web arbitrarias y ll... • https://packetstorm.news/files/id/137713 •

CVSS: 5.4EPSS: 75%CPEs: 1EXPL: 2

CVE-2016-3652 – Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2016-3652

30 Jun 2016 — Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la secuencia de comandos de administración en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permiten a usuarios remotos autenticados inyectar secuencia de comandos web o HTML arbitrarios a través de v... • https://packetstorm.news/files/id/137713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8152

https://notcve.org/view.php?id=CVE-2015-8152

18 Mar 2016 — Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. Vulnerabilidad de CSRF en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6-MP4 permite a usuarios remotos autenticados secuestrar la autenticación de administradores en peticiones que ejecutan código arbitrar... • http://www.securityfocus.com/bid/84343 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8153

https://notcve.org/view.php?id=CVE-2015-8153

18 Mar 2016 — SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6-MP4 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/84354 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8154

https://notcve.org/view.php?id=CVE-2015-8154

18 Mar 2016 — The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." El driver SysPlant.sys en el componente Application and Device Control (ADC) en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a RU6-MP4 permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML ... • http://www.securityfocus.com/bid/84344 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6554

https://notcve.org/view.php?id=CVE-2015-6554

12 Nov 2015 — Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. Symantec Endpoint Protection Manager (SEPM) 12.1 anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar comandos OS arbitrarios a través de datos manipulados. • http://www.securityfocus.com/bid/77494 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6555

https://notcve.org/view.php?id=CVE-2015-6555

12 Nov 2015 — Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar código Java arbitrario mediante la conexión a la consola del puerto de Java. • http://www.securityfocus.com/bid/77495 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1488

https://notcve.org/view.php?id=CVE-2015-1488

01 Aug 2015 — An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. Vulnerabilidad en manejador de acciones no especificadas en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados leer archivos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/76077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 37%CPEs: 1EXPL: 2

CVE-2015-1489 – Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution

https://notcve.org/view.php?id=CVE-2015-1489

01 Aug 2015 — The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. Vulnerabilidad en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados obtener privilegios a través de vectores no especificados. • https://packetstorm.news/files/id/133112 • CWE-264: Permissions, Privileges, and Access Controls •

1 2 3 4 5