151 matches found
CVE-2014-1644
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...
Default credentials
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...
Sql injection
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1644
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...
CVE-2014-1644
CVE-2014-1644 affects Symantec LiveUpdate Administrator (LUA) 2.x pre-2.3.2.110. The root cause is a flawed forgotten-password flow in the management GUI (/lua/forcepasswd.do) that allows unauthenticated password resets when the attacker knows the target email address, enabling potential full acc...
Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL i
SUMMARY The management GUI for Symantec LiveUpdate Administrator does not properly protect the forgotten password functionality of the web interface. An unauthorized individual with knowledge of the email address for an authorized LUA user can potentially force an arbitrary password reset leading...
Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)
The version of LiveUpdate Administrator running on the remote host is earlier than 2.3.2. Such versions have a privilege escalation vulnerability due to insecure file permissions set by a default installation. The webapps directory allows write access to the Everyone group. A local, unprivileged...
Symantec LiveUpdate Administrator不安全文件权限本地特权提升漏洞
Bugtraq ID: 53903 CVE ID:CVE-2012-0304 Symantec LiveUpdate是Symantec用于自动更新Symantec病毒定义和产品的技术。 Symantec LiveUpdate Administrator不正确设置部分文件权限,本地攻击者可以利用漏洞删除操作和替换应用程序文件,可导致权限提升。 0 Symantec LiveUpdate Administrator 2.3 Symantec LiveUpdate Administrator 2.2.2.9 厂商补丁: Symantec ----------- Symantec...
CVE-2012-0304
Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...
Information disclosure
Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...
CVE-2012-0304
Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...
CVE-2012-0304
The CVE-2012-0304 entry concerns Symantec LiveUpdate Administrator prior to 2.3.1. The installation directory was configured with weak permissions (Everyone: Full Control), enabling a local unprivileged user to replace or modify files that can be executed with SYSTEM privileges via a Trojan horse...
Symantec LiveUpdate Administrator 2.3 Insecure File Permissions
SUMMARY Symantec LiveUpdate Administrator 2.3 and prior install some files with insecure file permissions during a default installation. These files allow full control permission to everyone which could result in arbitrary command execution with elevated privileges on the system. AFFECTED PRODUCT...
Symantec LiveUpdate Administrator Installed (credentialed check)
Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59192; scriptversion"1.8";...
Symantec LiveUpdate Administrator Insecure Permissions Local Privilege Escalation (credentialed check)
The version of Symantec LiveUpdate Administrator LUA installed on the remote host has a privilege escalation vulnerability. The installation directory allows write access to the Everyone group. This directory contains batch files that are periodically executed as SYSTEM. A local, unprivileged...
Symantec LiveUpdate Administrator控制请求伪造漏洞
CVE ID: CVE-2011-0545 Symantecs LiveUpdate Administrator可对内容提供基础架构支持。 Symantec LiveUpdate Administrator在实现上存在控制请求伪造漏洞,远程攻击者可利用此漏洞以管理员身份执行HTML或脚本代码。 此漏洞源于登录界面未能正确过滤或验证外部输入中的变量。在向受影响系统的事件日志提交了恶意条目后,授权管理员必须登录到管理界面GUI并访问事件登录页面触发漏洞。 Symantec LiveUpdate Administrator 2.2.2.9 厂商补丁: Symantec --------...
Symantec LiveUpdate Administrator Web Detection
Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid53208; scriptversion"1.7"; scriptcvsdate"Date: 2019/11/22";...
Symantec LiveUpdate Administrator < 2.3 CSRF (SYM11-005)
The version of LiveUpdate Administrator running on the remote host is earlier than 2.3. Such versions have a cross-site request forgery CSRF vulnerability. Failed login attempts are logged and viewable from the web console. Usernames from these failed attempts are not sanitized before they are...
Cross site scripting
Cross-site scripting XSS vulnerability in the management login GUI page in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different...