CVSS: 6.9EPSS: 0%CPEs: 10EXPL: 0CVE-2012-4351
https://notcve.org/view.php?id=CVE-2012-4351
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application. Desbordamiento de entero en pgpwded.sys en Symantec PGP Desktop v10.x y Encryption Desktop v10.3.0 antes MP1 permite a usuarios locales obtener privilegios a través de una aplicación diseñada. • http://www.securityfocus.com/bid/57170 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00 • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4350
https://notcve.org/view.php?id=CVE-2012-4350
Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. Múltiples vulnerabilidades en ruta de búsqueda en Windows en los componentes (1) Manager y (2) Agent en Symantec Enterprise Security Manager (ESM) antes de v11.0, permite a usuarios locales ganar privilegios a través de vectores no especificados. • http://www.securityfocus.com/bid/56915 http://www.securitytracker.com/id?1027874 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00 •
CVSS: 7.2EPSS: 0%CPEs: 28EXPL: 0CVE-2012-4348
https://notcve.org/view.php?id=CVE-2012-4348
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. La consola de administración de Symantec Endpoint Protection (SEP) v11.0 antes de RU7-MP3 y v12.1 antes de RU2 y Symantec Endpoint Protection Small Business Edition v12.x antes de v12.1 RU2, no valida correctamente la entrada para secuencias de comandos PHP, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/56846 http://www.securitytracker.com/id?1027863 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4349
https://notcve.org/view.php?id=CVE-2012-4349
Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors. Vulnerabilidad no especificada en Symantec Network Access Control permite a usuarios locales ganar privilegios o causar una denegación de servicio a través de vectores desconocidos. • http://www.securityfocus.com/bid/56847 http://www.securitytracker.com/id?1027864 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00 •
CVSS: 5.0EPSS: 90%CPEs: 5EXPL: 2CVE-2012-4347 – Symantec Messaging Gateway 9.5.3-3 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2012-4347
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. Múltiples vulnerabilidades de salto de directorio en Symantec Messaging Gateway v9.5 y v9.5.1 permite a atacantes leer ficheros arbitrarios mediante un .. (punto punto) en el (1) parámetro logFile en una acción de guardar la acción en brightmail/export o (2) parámetro localBackupFileSelection en una acción APPLIANCE restoreSource para brightmail/admin/restore/download.do. • https://www.exploit-db.com/exploits/23110 http://www.securityfocus.com/bid/56789 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://www.broadcom.com/support/security-center/securityupdates/detail?fid=security_advisory&pvid=security_advisory&suid=20120827_00&year=2012 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •