163 matches found
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt + ISR: ApparitionSec Vendor: ================ www.symantec.com Product: =========== SEPM Symantec Endpoint Protection Manager and client v12.1...
CVE-2015-8152
Cross-site request forgery CSRF vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script...
CVE-2015-8153
Symantec Endpoint Protection Manager (SEPM) 12.1 prior to RU6-MP4 is affected by CVE-2015-8153 (SQL injection). Interfaces with the SEPM backend allow a remote authenticated attacker to execute arbitrary SQL via unspecified vectors, potentially impacting data confidentiality, integrity, and avail...
CVE-2015-8152
CVE-2015-8152 affects Symantec Endpoint Protection Manager (SEPM) 12.1 up to RU6-MP4. The issue is a cross-site request forgery (CSRF) vulnerability in logging scripts that enables a remote authenticated attacker to hijack administrator authentication and execute arbitrary code through crafted lo...
CVE-2015-8153
SQL injection vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Symantec Endpoint Protection Manager Java Object Deserialization RCE (SYM15-011)
The remote Symantec Endpoint Protection Manager server is affected by a remote command execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a crafted...
Symantec Endpoint Protection Manager-RU6-MP3 Arbitrary OS Command Execution Vulnerability
Symantec Endpoint Protection Manager is a centralized manager for Symantec's enterprise-class antivirus software. An arbitrary operating system command execution vulnerability exists in version 12.1 of Symantec Endpoint Protection Manager prior to 12.1-RU6-MP3. This allows remote attackers to...
CVE-2015-6554
Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data...
Design/Logic Flaw
Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data...
CVE-2015-6554
Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data...
CVE-2015-6554
The CVE-2015-6554 issue affects Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP3, allowing remote execution of arbitrary OS commands via crafted data sent to SEPM. Affected vector is remote, with evidence across multiple sources describing an RCE through untrusted data handl...
Symantec Endpoint Protection Manager authentication bypass
Added: 08/26/2015 CVE: CVE-2015-1486 BID: 76074 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. Problem Symantec Endpoint...
Symantec Endpoint Protection Manager authentication bypass
Added: 08/26/2015 CVE: CVE-2015-1486 BID: 76074 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. Problem Symantec Endpoint...
Symantec Endpoint Protection Manager Authentication Bypass / Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Symantec Endpoint Protection Manager Authentication Bypass and Code Execution', 'Description' = %q This module exploits three separa...
Symantec Endpoint Protection Manager < 12.1 RU6 MP1 Multiple Vulnerabilities (SYM15-007)
The version of Symantec Endpoint Protection Manager SEPM running on the remote host is prior to 12.1 RU6 MP1. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the password reset functionality that allows a remote attacker, using a crafted password reset action, to...
Symantec Endpoint Protection Manager Privilege Gain Vulnerability
Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...
Symantec Endpoint Protection Manager SQL Injection Vulnerability
Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A SQL injection vulnerability exists in the management console of...
Symantec Endpoint Protection Manager Untrusted Search Path Vulnerability
Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 An untrustworthy search path vulnerability exists in the client prior ...
Symantec Endpoint Protection Manager Authentication Bypass Vulnerability
Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...