CVE-2013-5015 – Symantec Endpoint Protection Manager - Remote Command Execution
https://notcve.org/view.php?id=CVE-2013-5015
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected. • https://www.exploit-db.com/exploits/31917 https://www.exploit-db.com/exploits/31853 http://osvdb.org/103306 http://www.exploit-db.com/exploits/31853 http://www.exploit-db.com/exploits/31917 http://www.securityfocus.com/bid/65467 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_v • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-5014 – Symantec Endpoint Protection Manager - Remote Command Execution
https://notcve.org/view.php?id=CVE-2013-5014
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected. • https://www.exploit-db.com/exploits/31917 https://www.exploit-db.com/exploits/31853 http://www.exploit-db.com/exploits/31853 http://www.exploit-db.com/exploits/31917 http://www.securityfocus.com/bid/65466 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt •
CVE-2013-5013
https://notcve.org/view.php?id=CVE-2013-5013
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors. • http://osvdb.org/103144 http://osvdb.org/103145 http://osvdb.org/103147 http://www.securityfocus.com/bid/65405 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5012
https://notcve.org/view.php?id=CVE-2013-5012
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. • http://www.securityfocus.com/bid/65404 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-1643 – Symantec PGP Universal Web Messenger Unauthorized Access
https://notcve.org/view.php?id=CVE-2014-1643
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL. Symantec PGP Universal Web Messenger versions prior to 3.3.2 suffer from an unauthorized access vulnerability. • http://www.securityfocus.com/bid/65300 http://www.securitytracker.com/id/1029729 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/90946 • CWE-264: Permissions, Privileges, and Access Controls •