CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0303
https://notcve.org/view.php?id=CVE-2012-0303
Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. Varias vulnerabilidades de falsificación de peticiones en sitios cruzados(CSRF) en Brightmail Control Center de Symantec Message Filter v6.3 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que (1) ejecutan comandos de la aplicación o (2) crean cuentas de administrador. • http://www.securityfocus.com/bid/54133 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0301
https://notcve.org/view.php?id=CVE-2012-0301
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en el Centro de Control de Brightmail de Symantec Message Filter v6.3 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://www.securityfocus.com/bid/54135 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 • CWE-287: Improper Authentication •
CVSS: 6.9EPSS: 0%CPEs: 10EXPL: 0CVE-2012-0304
https://notcve.org/view.php?id=CVE-2012-0304
Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. Symantec LiveUpdate Administrator antes de v2.3.1 utiliza permisos débiles (Todos: Control total) para el directorio de instalación, lo que permite a usuarios locales conseguir privilegios a través de un archivo de caballo de Troya. • http://www.nessus.org/plugins/index.php?view=single&id=59193 http://www.securityfocus.com/bid/53903 http://www.securitytracker.com/id?1027182 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0CVE-2012-1821
https://notcve.org/view.php?id=CVE-2012-1821
The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. El módulo Network Threat Protection en Manager component en Symantec Endpoint Protection (SEP) v11.0.600x hasta v11.0.700x en Windows Server 2003 permite a atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) a través de una inundación de paquetes automatizados. • http://osvdb.org/82147 http://secunia.com/advisories/49221 http://www.kb.cert.org/vuls/id/149070 http://www.securityfocus.com/bid/50358 http://www.securitytracker.com/id?1027092 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_00 •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2012-0295
https://notcve.org/view.php?id=CVE-2012-0295
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. El servicio The Manager de la consola de administración de Symantec Endpoint Protection (SEP) v12.1 anterior a 12.1 RU1-MP1 permite a atacantes remotos realizar ataques de inserción de archivos y ejecutar código arbitrario mediante el aprovechamiento de la explotación de CVE-2012-0294. • http://www.securityfocus.com/bid/53183 http://www.securityfocus.com/bid/53184 http://www.securitytracker.com/id?1027093 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •