359 matches found
CVE-2016-5307
Directory traversal vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors...
CVE-2016-5307
Directory traversal vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors...
CVE-2016-5306
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445...
CVE-2016-3653
Multiple cross-site request forgery CSRF vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...
CVE-2016-3651
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors...
CVE-2016-3651
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors...
CVE-2016-3650
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack...
CVE-2016-3649
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests...
CVE-2016-3648
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window...
CVE-2016-3647
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery SSRF attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...
Design/Logic Flaw
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445...
Authentication flaw
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack...
Design/Logic Flaw
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...
Server side request forgery (ssrf)
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery SSRF attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...
Directory traversal
Directory traversal vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Open redirect
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-5304
Open redirect vulnerability (CVE-2016-5304) in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5. An authenticated remote attacker could exploit an open redirect in the externalurl.php path to send users to arbitrary sites, enabling phishing and potential session/credential exposure...