Symantec IM Manager 'eval()' Code Injection Vulnerability

This host is installed with Symantec IM Manager and is prone to code injection vulnerability. OpenVAS Vulnerability Test $Id: secpodsymantecimmanagercodeinjvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ Symantec IM Manager 'eval' Code Injection Vulnerability Authors: Sooraj KS Copyright: Copyrigh...

Symantec IM Manager IMAdminSchedTask.asp Eval Code Injection Remote Code Execution (SYM11-004)

The version of Symantec IM Manager installed on the remote Windows host is earlier than 8.4.17. The 'ScheduleTask' method exposed by the 'IMAdminSchedTask.asp' page fails to properly sanitize user input to a POST variable before using it in an 'eval' call. If a logged in console user can be trick...

ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability

ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-037 January 31, 2011 -- CVE ID: CVE-2010-3719 -- CVSS: 8.5, AV:N/AC:M/Au:S/C:C/I:C/A:C -- Affected Vendors:...

CVE-2010-3719

Summary: CVE-2010-3719 affects Symantec IM Manager. The vulnerability resides in the admin interface’s ScheduleTask function (IMAdminSchedTask.asp) and involves improper sanitization of POST input passed to an eval() call. Affected product is Symantec IM Manager up to version 8.4.16; exploitation...