CVE-2014-9230
https://notcve.org/view.php?id=CVE-2014-9230
Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www.securityfocus.com/bid/75288 http://www.securitytracker.com/id/1032710 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1484
https://notcve.org/view.php?id=CVE-2015-1484
Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. • http://www.securityfocus.com/bid/73925 http://www.securitytracker.com/id/1032133 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150410_00
CVE-2015-1483
https://notcve.org/view.php?id=CVE-2015-1483
Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. • http://www.securityfocus.com/bid/72737 http://www.securitytracker.com/id/1031831 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150302_00 • CWE-20: Improper Input Validation
CVE-2014-7287
https://notcve.org/view.php?id=CVE-2014-7287
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header. • http://www.securityfocus.com/bid/72307 http://www.securitytracker.com/id/1031673 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/100762 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2014-7288 – Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection
https://notcve.org/view.php?id=CVE-2014-7288
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. Symantec Encryption Gateway suffers from a remote command injection vulnerability. Versions prior to 3.2.0 MP6 are affected. • https://www.exploit-db.com/exploits/35949 http://www.exploit-db.com/exploits/35949 http://www.osvdb.org/117766 http://www.securityfocus.com/bid/72308 http://www.securitytracker.com/id/1031673 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/100763 • CWE-264: Permissions, Privileges, and Access Controls