Lucene search
+L

151 matches found

NVD
NVD
added 2014/03/29 1:55 a.m.18 views

CVE-2014-1644

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...

7.5CVSS6.6AI score0.02639EPSS
Exploits1References4
Prion
Prion
added 2014/03/29 1:55 a.m.16 views

Default credentials

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...

7.5CVSS7.1AI score0.02639EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2014/03/29 1:55 a.m.29 views

Sql injection

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.01412EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2014/03/29 1:0 a.m.24 views

CVE-2014-1645

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

8.2AI score0.01412EPSS
Exploits1References4
Cvelist
Cvelist
added 2014/03/29 1:0 a.m.35 views

CVE-2014-1644

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...

6.6AI score0.02639EPSS
Exploits1References4
CVE
CVE
added 2014/03/29 1:0 a.m.60 views

CVE-2014-1644

CVE-2014-1644 affects Symantec LiveUpdate Administrator (LUA) 2.x pre-2.3.2.110. The root cause is a flawed forgotten-password flow in the management GUI (/lua/forcepasswd.do) that allows unauthenticated password resets when the attacker knows the target email address, enabling potential full acc...

7.5CVSS6.7AI score0.02639EPSS
Exploits1References4Affected Software1
Symantec
Symantec
added 2014/03/27 8:0 a.m.39 views

Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL i

SUMMARY The management GUI for Symantec LiveUpdate Administrator does not properly protect the forgotten password functionality of the web interface. An unauthorized individual with knowledge of the email address for an authorized LUA user can potentially force an arbitrary password reset leading...

7.5CVSS0.2AI score0.02639EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/06/28 12:0 a.m.37 views

Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)

The version of LiveUpdate Administrator running on the remote host is earlier than 2.3.2. Such versions have a privilege escalation vulnerability due to insecure file permissions set by a default installation. The webapps directory allows write access to the Everyone group. A local, unprivileged...

6.9CVSS5.6AI score0.00347EPSS
Exploits1References4
seebug.org
seebug.org
added 2012/06/23 12:0 a.m.46 views

Symantec LiveUpdate Administrator不安全文件权限本地特权提升漏洞

Bugtraq ID: 53903 CVE ID:CVE-2012-0304 Symantec LiveUpdate是Symantec用于自动更新Symantec病毒定义和产品的技术。 Symantec LiveUpdate Administrator不正确设置部分文件权限,本地攻击者可以利用漏洞删除操作和替换应用程序文件,可导致权限提升。 0 Symantec LiveUpdate Administrator 2.3 Symantec LiveUpdate Administrator 2.2.2.9 厂商补丁: Symantec ----------- Symantec...

6.9CVSS6.4AI score0.00347EPSS
Exploits1
NVD
NVD
added 2012/06/22 10:24 a.m.20 views

CVE-2012-0304

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...

6.9CVSS6.4AI score0.00347EPSS
Exploits1References4
Prion
Prion
added 2012/06/22 10:24 a.m.20 views

Information disclosure

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...

6.9CVSS7AI score0.00347EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2012/06/22 10:0 a.m.29 views

CVE-2012-0304

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...

6.4AI score0.00347EPSS
Exploits1References4
CVE
CVE
added 2012/06/22 10:0 a.m.71 views

CVE-2012-0304

The CVE-2012-0304 entry concerns Symantec LiveUpdate Administrator prior to 2.3.1. The installation directory was configured with weak permissions (Everyone: Full Control), enabling a local unprivileged user to replace or modify files that can be executed with SYSTEM privileges via a Trojan horse...

6.9CVSS6.6AI score0.00347EPSS
Exploits1References4Affected Software1
Symantec
Symantec
added 2012/06/15 8:0 a.m.34 views

Symantec LiveUpdate Administrator 2.3 Insecure File Permissions

SUMMARY Symantec LiveUpdate Administrator 2.3 and prior install some files with insecure file permissions during a default installation. These files allow full control permission to everyone which could result in arbitrary command execution with elevated privileges on the system. AFFECTED PRODUCT...

6.9CVSS0.2AI score0.00347EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/05/18 12:0 a.m.37 views

Symantec LiveUpdate Administrator Installed (credentialed check)

Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59192; scriptversion"1.8";...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/05/18 12:0 a.m.20 views

Symantec LiveUpdate Administrator Insecure Permissions Local Privilege Escalation (credentialed check)

The version of Symantec LiveUpdate Administrator LUA installed on the remote host has a privilege escalation vulnerability. The installation directory allows write access to the Everyone group. This directory contains batch files that are periodically executed as SYSTEM. A local, unprivileged...

6.9CVSS5.6AI score0.00347EPSS
Exploits1References3
seebug.org
seebug.org
added 2011/03/31 12:0 a.m.30 views

Symantec LiveUpdate Administrator控制请求伪造漏洞

CVE ID: CVE-2011-0545 Symantecs LiveUpdate Administrator可对内容提供基础架构支持。 Symantec LiveUpdate Administrator在实现上存在控制请求伪造漏洞,远程攻击者可利用此漏洞以管理员身份执行HTML或脚本代码。 此漏洞源于登录界面未能正确过滤或验证外部输入中的变量。在向受影响系统的事件日志提交了恶意条目后,授权管理员必须登录到管理界面GUI并访问事件登录页面触发漏洞。 Symantec LiveUpdate Administrator 2.2.2.9 厂商补丁: Symantec --------...

6.8CVSS6.4AI score0.02937EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2011/03/29 12:0 a.m.37 views

Symantec LiveUpdate Administrator Web Detection

Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid53208; scriptversion"1.7"; scriptcvsdate"Date: 2019/11/22";...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2011/03/29 12:0 a.m.25 views

Symantec LiveUpdate Administrator < 2.3 CSRF (SYM11-005)

The version of LiveUpdate Administrator running on the remote host is earlier than 2.3. Such versions have a cross-site request forgery CSRF vulnerability. Failed login attempts are logged and viewable from the web console. Usernames from these failed attempts are not sanitized before they are...

6.8CVSS5.7AI score0.0421EPSS
Exploits4References4
Prion
Prion
added 2011/03/28 6:55 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the management login GUI page in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different...

4.3CVSS6AI score0.0421EPSS
Exploits4References9Affected Software1
Rows per page
Query Builder