3 results (0.006 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. Existe una vulnerabilidad de escalada de privilegios en Trellix Windows DLP endpoint para Windows de la que se puede abusar para eliminar cualquier archivo/carpeta para el cual el usuario no tiene permiso. • https://kcm.trellix.com/corporate/index?page=content&id=SB10407 • CWE-250: Execution with Unnecessary Privileges CWE-863: Incorrect Authorization •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de CSRF en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos secuestrar la autenticación de administradores. • http://www.securityfocus.com/bid/75289 http://www.securitytracker.com/id/1032710 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/75288 http://www.securitytracker.com/id/1032710 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •