Lucene search
K

361 matches found

Saint
Saint
added 2015/08/26 12:0 a.m.85 views

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015 CVE: CVE-2015-1486 BID: 76074 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. Problem Symantec Endpoint...

7.5CVSS7.1AI score0.64487EPSS
Exploits9
Packet Storm
Packet Storm
added 2015/08/17 12:0 a.m.43 views

Symantec Endpoint Protection Manager Authentication Bypass / Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Symantec Endpoint Protection Manager Authentication Bypass and Code Execution', 'Description' = %q This module exploits three separa...

8.5CVSS0.6AI score0.64487EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2015/08/13 12:0 a.m.131 views

Symantec Endpoint Protection Manager < 12.1 RU6 MP1 Multiple Vulnerabilities (SYM15-007)

The version of Symantec Endpoint Protection Manager SEPM running on the remote host is prior to 12.1 RU6 MP1. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the password reset functionality that allows a remote attacker, using a crafted password reset action, to...

8.5CVSS6.1AI score0.64487EPSS
Exploits9References5
CNVD
CNVD
added 2015/08/04 12:0 a.m.3 views

Symantec Endpoint Protection Manager SQL Injection Vulnerability

Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A SQL injection vulnerability exists in the management console of...

6CVSS8.4AI score0.0162EPSS
Exploits1References1
CNVD
CNVD
added 2015/08/04 12:0 a.m.4 views

Symantec Endpoint Protection Manager Authentication Bypass Vulnerability

Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...

7.5CVSS7.2AI score0.64487EPSS
Exploits9References1
CNVD
CNVD
added 2015/08/04 12:0 a.m.4 views

Symantec Endpoint Protection Manager Privilege Gain Vulnerability

Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...

8.5CVSS7.2AI score0.24638EPSS
Exploits4References1
CNVD
CNVD
added 2015/08/04 12:0 a.m.3 views

Symantec Endpoint Protection Manager Untrusted Search Path Vulnerability

Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 An untrustworthy search path vulnerability exists in the client prior ...

8.5CVSS6.9AI score0.01738EPSS
Exploits1References1
NVD
NVD
added 2015/08/01 1:59 a.m.17 views

CVE-2015-1489

The management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors...

8.5CVSS6.3AI score0.24638EPSS
Exploits4References4
NVD
NVD
added 2015/08/01 1:59 a.m.24 views

CVE-2015-1487

The management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename...

5.5CVSS6.2AI score0.47331EPSS
Exploits4References4
NVD
NVD
added 2015/08/01 1:59 a.m.29 views

CVE-2015-1486

The management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session...

7.5CVSS6.6AI score0.64487EPSS
Exploits9References4
Prion
Prion
added 2015/08/01 1:59 a.m.16 views

Directory traversal

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package...

5.5CVSS6.5AI score0.02375EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2015/08/01 1:59 a.m.12 views

Code injection

The management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename...

5.5CVSS6.6AI score0.47331EPSS
Exploits4References4Affected Software1
Prion
Prion
added 2015/08/01 1:59 a.m.13 views

Design/Logic Flaw

The management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors...

8.5CVSS6.8AI score0.24638EPSS
Exploits4References4Affected Software1
Prion
Prion
added 2015/08/01 1:59 a.m.16 views

Design/Logic Flaw

An unspecified action handler in the management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors...

4CVSS6.6AI score0.01813EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2015/08/01 1:59 a.m.18 views

Sql injection

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6CVSS8.4AI score0.0162EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2015/08/01 1:0 a.m.25 views

CVE-2015-1489

The management console in Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors...

6.3AI score0.24638EPSS
Exploits4References4
CVE
CVE
added 2015/08/01 1:0 a.m.56 views

CVE-2015-1491

Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 is affected by CVE-2015-1491, a SQL injection vulnerability in the SEPM management console that allows an authenticated remote user to execute arbitrary SQL commands. The issue is part of a broader set of vulnerabilities (SYM1...

6CVSS8AI score0.0162EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2015/08/01 1:0 a.m.69 views

CVE-2015-1486

CVE-2015-1486 affects Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1, enabling remote authentication bypass via a crafted password-reset action that creates a new admin session. Related materials show exploit paths (e.g., Metasploit module, exploit-db entry) indicating pra...

7.5CVSS6.6AI score0.64487EPSS
Exploits9References4Affected Software1
CVE
CVE
added 2015/08/01 1:0 a.m.61 views

CVE-2015-1490

Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 is affected by CVE-2015-1490, a directory traversal vulnerability in the SEPM management console. An authenticated remote attacker can read arbitrary files via a relative pathname in a client installation package due to improp...

5.5CVSS6.2AI score0.02375EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2015/08/01 1:0 a.m.63 views

CVE-2015-1487

The SEPM (Symantec Endpoint Protection Manager) product is affected by CVE-2015-1487: a flaw in the management console prior to 12.1-RU6-MP1 allows remote authenticated users to write arbitrary files via a crafted filename, potentially elevating to administrator privileges. Technical context from...

5.5CVSS6.2AI score0.47331EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder