CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8153
https://notcve.org/view.php?id=CVE-2015-8153
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6-MP4 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/84354 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8154
https://notcve.org/view.php?id=CVE-2015-8154
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." El driver SysPlant.sys en el componente Application and Device Control (ADC) en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a RU6-MP4 permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML manipulado, relacionada con "RWX Permissions". • http://www.securityfocus.com/bid/84344 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8148
https://notcve.org/view.php?id=CVE-2015-8148
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. El servicio LDAP en Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a atacantes remotos obtener información sensible acerca de cuentas de administrador a través de una petición modificada. • http://www.securityfocus.com/bid/83271 http://www.securitytracker.com/id/1035063 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8151
https://notcve.org/view.php?id=CVE-2015-8151
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios mediante el aprovechamiento del acceso de administrador a la consola. • http://www.securityfocus.com/bid/83268 http://www.securitytracker.com/id/1035063 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8150
https://notcve.org/view.php?id=CVE-2015-8150
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a usuarios locales obtener acceso root mediante la modificación de un archivo batch. • http://www.securityfocus.com/bid/83269 http://www.securitytracker.com/id/1035063 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00 • CWE-264: Permissions, Privileges, and Access Controls •