CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2CVE-2014-7289 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-7289
21 Jan 2015 — SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. Vulnerabilidad de inyección SQL en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x anterior a 6.0 MP1 p... • https://packetstorm.news/files/id/130060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3440
https://notcve.org/view.php?id=CVE-2014-3440
21 Jan 2015 — The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. La interfaz de control de agente en el servidor de administración en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6... • http://seclists.org/fulldisclosure/2015/May/39 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 3%CPEs: 2EXPL: 2CVE-2014-9224 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9224
21 Jan 2015 — Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la WebUI ajaxswing en el servidor Management Console en la administración del servidor en Symantec Critical System Protecti... • https://packetstorm.news/files/id/130060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 10%CPEs: 2EXPL: 2CVE-2014-9225 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9225
21 Jan 2015 — The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. La webui ajaxswing en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuari... • https://packetstorm.news/files/id/130060 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2014-9226 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9226
21 Jan 2015 — The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. La administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuarios locales evitar Políticas de Protección intencionadas a tr... • https://packetstorm.news/files/id/130060 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 39EXPL: 0CVE-2011-0688
https://notcve.org/view.php?id=CVE-2011-0688
31 Jan 2011 — Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information. Intel Alert Management System(también conocido como AM... • http://secunia.com/advisories/43099 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 32%CPEs: 39EXPL: 0CVE-2010-0110 – Symantec AMS Intel Alert Service AMSSendAlertAct Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0110
27 Jan 2011 — Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys... • http://secunia.com/advisories/43099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 60%CPEs: 39EXPL: 0CVE-2010-0111 – Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0111
27 Jan 2011 — HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call. HDNLRSVC.EXE en el servicio Intel Alert Handler (t... • http://secunia.com/advisories/43099 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 29%CPEs: 8EXPL: 0CVE-2009-1431
https://notcve.org/view.php?id=CVE-2009-1431
29 Apr 2009 — XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786 •
CVSS: 10.0EPSS: 89%CPEs: 37EXPL: 3CVE-2009-1429 – Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerabilty
https://notcve.org/view.php?id=CVE-2009-1429
28 Apr 2009 — The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafte... • https://www.exploit-db.com/exploits/10340 • CWE-94: Improper Control of Generation of Code ('Code Injection') •