CVSS: 8.5EPSS: 72%CPEs: 1EXPL: 0CVE-2015-5691 – Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5691
Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. Múltiples vulnerabilidades de XSS en scripts PHP en la consola de gestión en Symantec Web Gateway (SWG) en dispositivos con software en versiones anteriores a 5.2.2 DB 5.0.0.1277, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, según lo demostrado en un ataque contra admin_messages.php. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting. The specific flaw exists within the admin_messages.php file which relies on mimetypes and file extensions to block potentially dangerous file uploads. An attacker can exploit this condition to upload arbitrary files as the apache user. • http://www.securityfocus.com/bid/76728 http://www.securitytracker.com/id/1033625 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00 http://www.zerodayinitiative.com/advisories/ZDI-15-443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 14%CPEs: 8EXPL: 0CVE-2015-5689 – Symantec Ghost Out-Of-Bounds Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5689
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image. Vulnerabilidad en ghostexp.exe en Ghost Explorer Utility en Symantec Ghost Solutions Suite (GSS) en versiones anteriores a 3.0 HF2 12.0.0.8010 y Symantec Deployment Solution (DS) en versiones anteriores a 7.6 HF4 12.0.0.7045, realiza una operación de extensión de signo indebida antes de los accesos a los elementos del array, lo que permite a atacantes remotos ejecutar código arbitrario, causar una denegación de servicio (caída de la aplicación) o posiblemente obtener información sensible a través de una imagen Ghost manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Ghost. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Ghost images. The issue lies in sign-extending byte values from an array before using them as an index into an array, allowing for out-of-bounds access. • http://www.securityfocus.com/bid/76498 http://www.securitytracker.com/id/1033577 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00 http://zerodayinitiative.com/advisories/ZDI-15-419 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1491
https://notcve.org/view.php?id=CVE-2015-1491
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados ejecutar comandos SQL a través de vectores no especificados. • http://www.securityfocus.com/bid/76079 http://www.securitytracker.com/id/1033165 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 40%CPEs: 1EXPL: 1CVE-2015-1489 – Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution
https://notcve.org/view.php?id=CVE-2015-1489
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. Vulnerabilidad en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados obtener privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/37812 http://www.securityfocus.com/bid/76078 http://www.securitytracker.com/id/1033165 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 54%CPEs: 1EXPL: 1CVE-2015-1486 – Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution
https://notcve.org/view.php?id=CVE-2015-1486
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. Vulnerabilidad en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a atacantes remotos evadir la autenticación a través de una acción password-reset manipulada que desencadena una nueva sesión administrativa. • https://www.exploit-db.com/exploits/37812 http://www.securityfocus.com/bid/76074 http://www.securitytracker.com/id/1033165 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html • CWE-287: Improper Authentication •