NotCVE - vendor:"Symantec" product:"Liveupdate Administrator" version:"2.2.1"

4 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2014-1644 – Symantec LiveUpdate Administrator 2.3.2.99 Password Reset / SQL Injection

https://notcve.org/view.php?id=CVE-2014-1644

28 Mar 2014 — The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. La funcionalidad forgotten-password en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos restablecer contraseñas arbitrarias proporcionando la dirección de email asociada con una... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html • CWE-255: Credentials Management Errors •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2014-1645 – Symantec LiveUpdate Administrator 2.3.2.99 Password Reset / SQL Injection

https://notcve.org/view.php?id=CVE-2014-1645

28 Mar 2014 — SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. Symantec LiveUpdate Administrator versions 2.3.2.99 and b... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2012-0304

https://notcve.org/view.php?id=CVE-2012-0304

22 Jun 2012 — Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. Symantec LiveUpdate Administrator antes de v2.3.1 utiliza permisos débiles (Todos: Control total) para el directorio de instalación, lo que permite a usuarios locales conseguir privilegios a través de un archivo de caballo de Troya. • http://www.nessus.org/plugins/index.php?view=single&id=59193 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 16%CPEs: 6EXPL: 5

CVE-2011-1524 – Symantec LiveUpdate Administrator Management GUI - HTML Injection

https://notcve.org/view.php?id=CVE-2011-1524

28 Mar 2011 — Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el inicio de sesión de GUI en Symantec LiveUpdate Administrator (LUA) en versiones anteriores a v2.3 ,... • https://www.exploit-db.com/exploits/17026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •