
CVSS: 5.0 | EPSS: 4% | CPEs: 1 | EXPL: 1

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

• http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html
• http://secunia.com/advisories/19734
• http://securityreason.com/securityalert/758
• http://securityreason.com/securityalert/759
• http://securitytracker.com/id?1015974
• http://www.securityfocus.com/archive/1/431728/100/0/threaded
• http://www.securityfocus.com/archive/1/431734/100/0/threaded
• http://www.securityfocus.com/bid/17637
• http://www.symantec.com/avcenter/security/Content/2006.04.21.html
• http://www.vupen.com/english&#

CVSS: 6.4 | EPSS: 70% | CPEs: 1 | EXPL: 0

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.

• http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0011.html
• http://secunia.com/advisories/19734
• http://securitytracker.com/id?1015974
• http://www.securityfocus.com/archive/1/431725/100/0/threaded
• http://www.securityfocus.com/archive/1/431734/100/0/threaded
• http://www.securityfocus.com/bid/17637
• http://www.symantec.com/avcenter/security/Content/2006.04.21.html
• http://www.vupen.com/english/advisories/2006/1464
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25973

CVSS: 10.0 | EPSS: 11% | CPEs: 1 | EXPL: 2

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

• https://www.exploit-db.com/exploits/1703
• http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html
• http://secunia.com/advisories/19734
• http://www.kb.cert.org/vuls/id/118388
• http://www.securityfocus.com/archive/1/431724/100/0/threaded
• http://www.securityfocus.com/archive/1/431734/100/0/threaded
• http://www.securityfocus.com/bid/17637
• http://www.symantec.com/avcenter/security/Content/2006.04.21.html
• http://www.vupen.com/english/advisories/2006/1464
• https:/&#

CVSS: 5.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

• http://marc.info/?l=bugtraq&m=112879611919750&w=2
• http://shadock.net/secubox/AVCraftedArchive.html

CVSS: 10.0 | EPSS: 1% | CPEs: 10 | EXPL: 0

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

• http://secunia.com/advisories/17049
• http://securityreason.com/securityalert/48
• http://securitytracker.com/id?1015001
• http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
• http://www.kb.cert.org/vuls/id/849209
• http://www.osvdb.org/19854
• http://www.securityfocus.com/bid/15001
• http://www.symantec.com/avcenter/security/Content/2005.10.04.html
• http://www.vupen.com/english/advisories/2005/1954
• https://exchange.xforce.ibmcloud.com/vulnerabilities/22519