Lucene search
K

4 matches found

securityvulns
securityvulns
added 2014/03/31 12:0 a.m.79 views

SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator

SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...

7.5CVSS0.5AI score0.02639EPSS
Exploits2
seebug.org
seebug.org
added 2014/03/31 12:0 a.m.28 views

Symantec LiveUpdate Administrator SQL注入漏洞

Bugtraq ID:66400 CVE ID:CVE-2014-1645 Symantec LiveUpdate Administrator是一款Symantec产品升级管理程序。 Symantec LiveUpdate Administrator管理GUI不正确过滤用户提交的输入,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 Symantec LiveUpdate Administrator 2.x Symantec LiveUpdate Administrator 2.3.2.110已经修复该漏洞,建议用户下载更新:...

7.5CVSS6.6AI score0.01412EPSS
Exploits1
CVE
CVE
added 2014/03/29 1:0 a.m.50 views

CVE-2014-1645

CVE-2014-1645 is an SQL injection flaw in Symantec LiveUpdate Administrator (LUA) 2.x up to version 2.3.2.110, affecting the management GUI via forcepasswd.do and related password-recovery paths. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially exfiltrating...

7.5CVSS8.4AI score0.01412EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2014/03/29 1:0 a.m.23 views

CVE-2014-1645

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

8.2AI score0.01412EPSS
Exploits1References4
Rows per page
Query Builder