CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1644 – Symantec LiveUpdate Administrator 2.3.2.99 Password Reset / SQL Injection
https://notcve.org/view.php?id=CVE-2014-1644
28 Mar 2014 — The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. La funcionalidad forgotten-password en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos restablecer contraseñas arbitrarias proporcionando la dirección de email asociada con una... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1645 – Symantec LiveUpdate Administrator 2.3.2.99 Password Reset / SQL Injection
https://notcve.org/view.php?id=CVE-2014-1645
28 Mar 2014 — SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. Symantec LiveUpdate Administrator versions 2.3.2.99 and b... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2012-0304
https://notcve.org/view.php?id=CVE-2012-0304
22 Jun 2012 — Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. Symantec LiveUpdate Administrator antes de v2.3.1 utiliza permisos débiles (Todos: Control total) para el directorio de instalación, lo que permite a usuarios locales conseguir privilegios a través de un archivo de caballo de Troya. • http://www.nessus.org/plugins/index.php?view=single&id=59193 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 16%CPEs: 6EXPL: 5CVE-2011-1524 – Symantec LiveUpdate Administrator Management GUI - HTML Injection
https://notcve.org/view.php?id=CVE-2011-1524
28 Mar 2011 — Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el inicio de sesión de GUI en Symantec LiveUpdate Administrator (LUA) en versiones anteriores a v2.3 ,... • https://www.exploit-db.com/exploits/17026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 4CVE-2011-0545 – Symantec LiveUpdate Administrator Management GUI - HTML Injection
https://notcve.org/view.php?id=CVE-2011-0545
28 Mar 2011 — Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en adduser.do de Symantec LiveUpdate Administrator (LUA) en versiones anteriores a v2.3, permite a atacantes remotos secuestrar l... • https://www.exploit-db.com/exploits/17026 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-1836
https://notcve.org/view.php?id=CVE-2006-1836
19 Apr 2006 — Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. • http://secunia.com/advisories/19682 •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2003-0994
https://notcve.org/view.php?id=CVE-2003-0994
03 Feb 2004 — The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. La funcionalidad gui para una sesión interactiva en ymantec LiveUpdate 1.70.x hasta la 1.90.x (usadas en Norton Internet Security 2001 hasta 2004, SystemWorks 2001 hasta 2004, y AntiVirus y Norton ... • http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0344
https://notcve.org/view.php?id=CVE-2002-0344
03 May 2002 — Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. • http://marc.info/?l=bugtraq&m=101466781122312&w=2 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2001-1125
https://notcve.org/view.php?id=CVE-2001-1125
05 Oct 2001 — Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. • http://www.sarc.com/avcenter/security/Content/2001.10.05.html • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2001-1126
https://notcve.org/view.php?id=CVE-2001-1126
05 Oct 2001 — Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. • http://www.sarc.com/avcenter/security/Content/2001.10.05.html •