CVSS: 10.0EPSS: 88%CPEs: 39EXPL: 0CVE-2010-0110 – Symantec AMS Intel Alert Service AMSSendAlertAct Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0110
27 Jan 2011 — Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys... • http://secunia.com/advisories/43099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 27%CPEs: 39EXPL: 0CVE-2010-0111 – Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0111
27 Jan 2011 — HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call. HDNLRSVC.EXE en el servicio Intel Alert Handler (t... • http://secunia.com/advisories/43099 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2010-0106
https://notcve.org/view.php?id=CVE-2010-0106
19 Feb 2010 — The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources. El escaneo bajo demanda en Symantec AntiVirus v10.0.x y v10.1.x anterior a MR9, AntiVirus v10.2.x, Client Security v3.0.x y v3.1.x anterior a MR9 y Endpo... • http://osvdb.org/62414 •
CVSS: 10.0EPSS: 67%CPEs: 54EXPL: 1CVE-2010-0108 – Symantec (Multiple Products) - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow
https://notcve.org/view.php?id=CVE-2010-0108
19 Feb 2010 — Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function. Desbordamiento de búfer en un control ActiveX en el proxy de cliente de Symantec (CLIproxy.dll) en Symantec AntiVirus v10.0.x, v10.1.x anterior a MR9 y v10.2.x anterior a MR... • https://www.exploit-db.com/exploits/33642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2009-3104
https://notcve.org/view.php?id=CVE-2009-3104
08 Sep 2009 — Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors. Vulnerabilidad no especificada en Symantec Norton AntiVirus ... • http://osvdb.org/57429 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 26EXPL: 0CVE-2009-1428
https://notcve.org/view.php?id=CVE-2009-1428
29 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors." Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ccLgView.exe en Symantec Log Viewer,... • http://osvdb.org/54132 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 93%CPEs: 8EXPL: 0CVE-2009-1431
https://notcve.org/view.php?id=CVE-2009-1431
29 Apr 2009 — XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786 •
CVSS: 9.3EPSS: 97%CPEs: 37EXPL: 1CVE-2009-1430 – Symantec Multiple Product Intel Alert Originator Service Invalid Length Check Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1430
28 Apr 2009 — Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attacker... • https://www.exploit-db.com/exploits/16826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 96%CPEs: 37EXPL: 3CVE-2009-1429 – Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerabilty
https://notcve.org/view.php?id=CVE-2009-1429
28 Apr 2009 — The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafte... • https://www.exploit-db.com/exploits/10340 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 2CVE-2007-1793 – Symantec (Multiple Products) - 'SPBBCDrv' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-1793
02 Apr 2007 — SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. El archivo SPBBCDrv.sys en Symantec... • https://www.exploit-db.com/exploits/29810 • CWE-20: Improper Input Validation •