Symantec Endpoint Protection Manager authentication bypass
Added: 08/26/2015. CVE: CVE-2015-1486. BID: 76074. Background: Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM). Problem: Symantec Endpoint...
Symantec Endpoint Protection Manager Authentication Bypass / Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Symantec Endpoint Protection Manager Authentication Bypass and Code Execution', 'Description' = %q This module exploits three separa...
Symantec Endpoint Protection Manager < 12.1 RU6 MP1 Multiple Vulnerabilities (SYM15-007)
The version of Symantec Endpoint Protection Manager (SEPM) running on the remote host is prior to 12.1 RU6 MP1. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the password reset functionality that allows a remote attacker, using a crafted password reset action, to...
Symantec Endpoint Protection Manager SQL Injection Vulnerability
Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A SQL injection vulnerability exists in the management console of...
Symantec Endpoint Protection Manager Authentication Bypass Vulnerability
Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...
Symantec Endpoint Protection Manager Privilege Gain Vulnerability
Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...
Symantec Endpoint Protection Manager Untrusted Search Path Vulnerability
Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 An untrusted search path vulnerability exists in the client prior ...
CVE-2015-1489
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors...
CVE-2015-1487
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename...
CVE-2015-1486
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session...
Directory traversal
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package...
Code injection
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename...
Design/Logic Flaw
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors...
Design/Logic Flaw
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors...
SQL injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-1491
Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 is affected by CVE-2015-1491, a SQL injection vulnerability in the SEPM management console that allows an authenticated remote user to execute arbitrary SQL commands. The issue is part of a broader set of vulnerabilities (SYM1...
CVE-2015-1486
CVE-2015-1486 affects Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1, enabling remote authentication bypass via a crafted password-reset action that creates a new admin session. Related materials show exploit paths (e.g., Metasploit module, exploit-db entry) indicating pra...
CVE-2015-1490
Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 is affected by CVE-2015-1490, a directory traversal vulnerability in the SEPM management console. An authenticated remote attacker can read arbitrary files via a relative pathname in a client installation package due to improp...
CVE-2015-1487
The SEPM (Symantec Endpoint Protection Manager) product is affected by CVE-2015-1487: a flaw in the management console prior to 12.1-RU6-MP1 allows remote authenticated users to write arbitrary files via a crafted filename, potentially elevating to administrator privileges. Technical context from...