Page 3 of 28 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Symantec Endpoint Protection Manager (SEPM), en versiones anteriores e incluyendo a 12.1 RU6 MP9 y anteriores a 14.2 RU1, puede ser susceptible a una vulnerabilidad de precarga de DLL, que es un tipo de problema que puede ocurrir cuando una aplicación busca llamar a una DLL para su ejecución y un atacante proporciona una DLL maliciosa para usar en su lugar. • http://www.securityfocus.com/bid/107996 https://support.symantec.com/en_US/article.SYMSA1479.html • CWE-426: Untrusted Search Path •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack. Múltiples vulnerabilidades de XSS en la secuencia de comandos de administración en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permiten a usuarios remotos autenticados inyectar secuencia de comandos web o HTML arbitrarios a través de un ataque "manipulación de enlace DOM". • http://www.securityfocus.com/bid/91448 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados descubrir credenciales a través de ataques de fuerza bruta. • http://www.securityfocus.com/bid/91432 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a administradores remotos autenticados enumerar cuentas de administradores a través de peticiones GET modificadas. • http://www.securityfocus.com/bid/91440 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. Symantec Endpoint Protection Manager (SEPM) en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados llevar a cabo ataques de falsificación de solicitud del lado del servidor (SSRF) y desencadenar tráfico de red en el host de la intranet arbitraria a través de una petición manipulada. • http://www.securityfocus.com/bid/91433 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 •