4 matches found
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...
Symantec LiveUpdate Administrator SQL注入漏洞
Bugtraq ID:66400 CVE ID:CVE-2014-1645 Symantec LiveUpdate Administrator是一款Symantec产品升级管理程序。 Symantec LiveUpdate Administrator管理GUI不正确过滤用户提交的输入,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 Symantec LiveUpdate Administrator 2.x Symantec LiveUpdate Administrator 2.3.2.110已经修复该漏洞,建议用户下载更新:...
CVE-2014-1645
CVE-2014-1645 is an SQL injection flaw in Symantec LiveUpdate Administrator (LUA) 2.x up to version 2.3.2.110, affecting the management GUI via forcepasswd.do and related password-recovery paths. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially exfiltrating...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...