NotCVE - vendor:"Symantec" product:"Liveupdate Administrator" version:"2.3.0"

3 results (0.003 seconds)

CVSS: 7.5EPSS: 86%CPEs: 9EXPL: 0

CVE-2014-1644

https://notcve.org/view.php?id=CVE-2014-1644

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. La funcionalidad forgotten-password en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos restablecer contraseñas arbitrarias proporcionando la dirección de email asociada con una cuenta de usuario. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html http://www.securityfocus.com/bid/66399 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt • CWE-255: Credentials Management Errors •

CVSS: 7.5EPSS: 41%CPEs: 9EXPL: 0

CVE-2014-1645

https://notcve.org/view.php?id=CVE-2014-1645

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html http://www.securityfocus.com/bid/66400 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.9EPSS: 0%CPEs: 10EXPL: 0

CVE-2012-0304

https://notcve.org/view.php?id=CVE-2012-0304

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. Symantec LiveUpdate Administrator antes de v2.3.1 utiliza permisos débiles (Todos: Control total) para el directorio de instalación, lo que permite a usuarios locales conseguir privilegios a través de un archivo de caballo de Troya. • http://www.nessus.org/plugins/index.php?view=single&id=59193 http://www.securityfocus.com/bid/53903 http://www.securitytracker.com/id?1027182 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00 • CWE-264: Permissions, Privileges, and Access Controls •