Page 6 of 41 results (0.011 seconds)

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0

The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." El driver SysPlant.sys en el componente Application and Device Control (ADC) en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a RU6-MP4 permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML manipulado, relacionada con "RWX Permissions". • http://www.securityfocus.com/bid/84344 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. Symantec Endpoint Protection Manager (SEPM) 12.1 anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar comandos OS arbitrarios a través de datos manipulados. • http://www.securityfocus.com/bid/77494 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar código Java arbitrario mediante la conexión a la consola del puerto de Java. • http://www.securityfocus.com/bid/77495 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados ejecutar comandos SQL a través de vectores no especificados. • http://www.securityfocus.com/bid/76079 http://www.securitytracker.com/id/1033165 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.5EPSS: 40%CPEs: 1EXPL: 1

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. Vulnerabilidad en la consola de administración de Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP1, permite a usuarios remotos autenticados obtener privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/37812 http://www.securityfocus.com/bid/76078 http://www.securitytracker.com/id/1033165 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html • CWE-264: Permissions, Privileges, and Access Controls •