CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8153
https://notcve.org/view.php?id=CVE-2015-8153
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6-MP4 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/84354 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6554
https://notcve.org/view.php?id=CVE-2015-6554
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. Symantec Endpoint Protection Manager (SEPM) 12.1 anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar comandos OS arbitrarios a través de datos manipulados. • http://www.securityfocus.com/bid/77494 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6555
https://notcve.org/view.php?id=CVE-2015-6555
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar código Java arbitrario mediante la conexión a la consola del puerto de Java. • http://www.securityfocus.com/bid/77495 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1491
https://notcve.org/view.php?id=CVE-2015-1491
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados ejecutar comandos SQL a través de vectores no especificados. • http://www.securityfocus.com/bid/76079 http://www.securitytracker.com/id/1033165 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1488
https://notcve.org/view.php?id=CVE-2015-1488
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. Vulnerabilidad en manejador de acciones no especificadas en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados leer archivos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/76077 http://www.securitytracker.com/id/1033165 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •