Page 4 of 32 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados eludir el mecanismo de protección Authentication Lock y llevar a cabo ataques para adivinar la contraseña de fuerza bruta contra cuentas de administradores de consola introduciendo datos en la ventana de autorización. • http://www.securityfocus.com/bid/91441 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. Condición de carrera en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios locales eludir restricciones destinadas a transferir archivo a USB llevando a cabo operaciones de sistema de archivos antes de que el administrador de dispositivos SEP reconozca un nuevo dispositivo USB. • http://www.securityfocus.com/bid/91446 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. Vulnerabilidad de salto de directorio en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados leer archivos arbitrarios en el árbol de directorio web-root a través de vectores no especificados. • http://www.securityfocus.com/bid/91443 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados descubrir el valor JSESSIONID en PHP a través de vectores no especificados. • http://www.securityfocus.com/bid/91445 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 79%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la secuencia de comandos de administración en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permiten a usuarios remotos autenticados inyectar secuencia de comandos web o HTML arbitrarios a través de vectores no especificados. Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities. • https://www.exploit-db.com/exploits/40041 http://www.securityfocus.com/bid/91444 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •