35 matches found
EUVD-2014-1719
Malware in sbrugna...
EUVD-2012-0340
Malware in sbrugna...
EUVD-2014-1718
Malware in sbrugna...
Symantec LiveUpdate Administrator Management GUI HTML Injection
No description provided by source. Source: http://www.securityfocus.com/bid/46856/info Symantec LiveUpdate Administrator is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentiall...
Symantec LiveUpdate Administrator Security Bypass (CVE-2014-1644)
A security policy bypass vulnerability exists in Symantec LiveUpdate Administrator. The vulnerability is due to a failure to validate temporary passwords when processing a user account password reset. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious reques...
Symantec LiveUpdate Administrator Multiple Vulnerabilities
Symantec LiveUpdate Administrator is prone to multiple vulnerabilities.
Symantec LiveUpdate Administrator Version Detection
Detects the installed version of Symantec LiveUpdate Administrator. This script sends an HTTP GET request and tries to get the version from the response.
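Symantec LiveUpdate Administrator Unauthorized Access Vulnerability
Bugtraq ID: 66399 CVE ID: CVE-2014-1644 Symantec LiveUpdate Administrator is an update management program for Symantec products. The Symantec LiveUpdate Administrator management GUI does not properly protect the login/password functionality, allowing an attacker who knows the target user's email address to use the password reset feature to reset the user's password and gain unauthorized access. 0 Symantec LiveUpdate Administrator 2.x Symantec LiveUpdate Administrator 2.3.2.110 has fixed this vulnerability; users are advised to download the update:...
Symantec LiveUpdate Administrator SQL Injection Vulnerability
Bugtraq ID: 66400 CVE ID: CVE-2014-1645 Symantec LiveUpdate Administrator is an update management program for Symantec products. The Symantec LiveUpdate Administrator management GUI does not properly filter user-submitted input, allowing a remote attacker to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or retrieve database data. 0 Symantec LiveUpdate Administrator 2.x Symantec LiveUpdate Administrator 2.3.2.110 has fixed this vulnerability; users are advised to download the update:...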
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...
CVE-2014-1644
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1644
CVE-2014-1644 affects Symantec LiveUpdate Administrator (LUA) 2.x pre-2.3.2.110. The root cause is a flawed forgotten-password flow in the management GUI (/lua/forcepasswd.do) that allows unauthenticated password resets when the attacker knows the target email address, enabling potential full acc...
CVE-2014-1644
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL i
SUMMARY The management GUI for Symantec LiveUpdate Administrator does not properly protect the forgotten password functionality of the web interface. An unauthorized individual with knowledge of the email address for an authorized LUA user can potentially force an arbitrary password reset leading...
Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)
The version of LiveUpdate Administrator running on the remote host is earlier than 2.3.2. Such versions have a privilege escalation vulnerability due to insecure file permissions set by a default installation. The webapps directory allows write access to the Everyone group. A local, unprivileged...
CVE-2012-0304
The CVE-2012-0304 entry concerns Symantec LiveUpdate Administrator prior to 2.3.1. The installation directory was configured with weak permissions (Everyone: Full Control), enabling a local unprivileged user to replace or modify files that can be executed with SYSTEM privileges via a Trojan horse...
CVE-2012-0304
Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...