CVE-2009-0064
https://notcve.org/view.php?id=CVE-2009-0064
Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.
• http://osvdb.org/53945 http://secunia.com/advisories/34885 http://securitytracker.com/id?1022117 http://www.securityfocus.com/bid/34639 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01 http://www.vupen.com/english/advisories/2009/1155 https://exchange.xforce.ibmcloud.com/vulnerabilities/50075
CVE-2009-0538
https://notcve.org/view.php?id=CVE-2009-0538
Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
• http://osvdb.org/52797 http://secunia.com/advisories/34305 http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html http://securitytracker.com/id?1021855 http://www.layereddefense.com/pcanywhere17mar.html http://www.securityfocus.com/archive/1/501930/100/0/threaded http://www.securityfocus.com/bid/33845 http://www.vupen.com/english/advisories/2009/0755 https://exchange.xforce.ibmcloud.com/vulnerabilities/49291
• CWE-134: Use of Externally-Controlled Format String
CVE-2008-4564
https://notcve.org/view.php?id=CVE-2008-4564
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774 http://osvdb.org/52713 http://secunia.com/advisories/34303 http://secunia.com/advisories/34307 http://secunia.com/advisories/34318 http://secunia.com/advisories/34355 http://securitytracker.com/id?1021856 http://securitytracker.com/id?1021857 http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573 http://www.kb.cert.org/vuls/id/276563 http://www.securityfocus.com/bid/34086 http://www.se
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0651
https://notcve.org/view.php?id=CVE-2009-0651
Unspecified vulnerability in the Veritas network daemon (aka vnetd) in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup."
• http://osvdb.org/52269 http://secunia.com/advisories/33953 http://securityresponse.symantec.com/avcenter/security/Content/2009.02.17.html http://seer.entsupport.symantec.com/docs/317828.htm http://sunsolve.sun.com/search/document.do?assetkey=1-66-253287-1 http://www.securityfocus.com/bid/33772 http://www.securitytracker.com/id?1021734 http://www.vupen.com/english/advisories/2009/0461 http://www.vupen.com/english/advisories/2009/1097 https://exchange.xforce.ibmcloud.com/vulnerabili
• CWE-20: Improper Input Validation
CVE-2008-4388 – Symantec AppStream LaunchObj - ActiveX Control Arbitrary File Download and Execute
https://notcve.org/view.php?id=CVE-2008-4388
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
• https://www.exploit-db.com/exploits/16512 http://securitytracker.com/id?1021609 http://www.kb.cert.org/vuls/id/194505 http://www.securityfocus.com/bid/33247 http://www.symantec.com/avcenter/security/Content/2009.01.15.html
• CWE-20: Improper Input Validation