69 matches found
EUVD-2015-8042
Malware in sbrugna...
EUVD-2020-26983
Malware in sbrugna...
Symantec Endpoint Protection Manager < 14.3 RU2 Session Token Exposure (SYMSA18255)
The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is prior to 14.3 RU2. It is therefore affected by a vulnerability. HTTPS GET parameters may include session tokens, which could be logged. Note that Nessus has not tested for this issue but has instead relied on...
CVE-2020-5834
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory...
CVE-2020-5834
Summary: CVE-2020-5834 affects Symantec Endpoint Protection Manager (SEPM) prior to v14.3. A directory traversal vulnerability could allow a remote attacker to determine the size of files in a directory. Root cause / affected components: Directory traversal flaw in SEPM before 14.3 (as per multip...
Symantec Endpoint Protection Manager Information Disclosure Vulnerability (CNVD-2020-09963)
Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. Symantec Endpoint Protection Manager suffers from an information disclosure vulnerabilit...
CVE-2020-5831
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out-of-bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program...
CVE-2020-5831
Symantec Endpoint Protection Manager (SEPM) is affected by CVE-2020-5831, a local, out-of-bounds read vulnerability present in SEPM prior to 14.2 RU2 MP1 (and pre-14.2 RU2 MP1 refresh noted in the advisories). Exploitation could allow a local attacker to read memory outside allocated bounds via t...
CVE-2020-5827
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out-of-bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program...
Privilege escalation
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicati...
Symantec Endpoint Protection Manager CVE-2018-18368 Local Privilege Escalation Vulnerability
Description: Symantec Endpoint Protection Manager is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Symantec Endpoint Protection Manager versions prior to 14.2 RU1 are vulnerable. Technologies Affected: Symantec Endpoint...
CVE-2016-3653
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...
CVE-2016-3649
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests...
CVE-2016-3648
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window...
Design/Logic Flaw
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445...
Directory traversal
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors...
Server-side request forgery (SSRF)
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...
Open redirect
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...