46 matches found
Symantec杀毒软件Reporting Server组件URL处理漏洞
BUGTRAQ ID: 34668 CVECAN ID: CVE-2009-1432 Symantec AntiVirus是非常流行的杀毒解决方案。 Reporting Server是Symantec杀毒软件产品中所使用的用于创建有关企业网络中Symantec杀毒产品报表的可选组件。Reporting Server组件的登录屏幕存在URL处理错误,如果用户受骗跟随了恶意链接就会导致在登录屏幕上显示误导性消息,这有助于攻击者执行网络钓鱼类的欺骗攻击。 Symantec Client Security 3.1 Symantec AntiVirus Corporate Edition 10.2...
CVE-2009-1432
Symantec Reporting Server, as used in Symantec AntiVirus SAV Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security SCS before 3.1 MR8, and the Symantec Endpoint Protection Manager SEPM component in Symantec Endpoint Protection SEP before 11.0 MR2, allows remote...
CVE-2009-1432
Symantec Reporting Server, as used in Symantec AntiVirus SAV Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security SCS before 3.1 MR8, and the Symantec Endpoint Protection Manager SEPM component in Symantec Endpoint Protection SEP before 11.0 MR2, allows remote...
Symantec Reporting Server Improper URL Handling Exposure
SUMMARY The login web page in some versions of Symantec Reporting Server contains a URL handling error which could potentially allow an attacker to launch a phishing attack. AFFECTED PRODUCTS Product | Affected Version | Solution ---|---|--- Symantec AntiVirus Corporate Edition | 10.1 MR7 and...
SYM07-011 Symantec Reporting Server password disclosure
SYM07-011: Symantec Reporting Server Password Disclosure June 5, 2007 Risk Impact: Medium Remote Access: Yes Local Access: Yes Authentication Required:Yes Exploit available: No Overview The administrator password for Symantec Reporting Server could be disclosed after a failed login attempt...
Multiple Symantec antiviral products Reporting Server code execution
It's possible to spoof executable report file. Password hash is leaked during failed logon attempt...
Symantec System Center报告服务器远程特权提升漏洞
Symantec Reporting Server是一款Symantec系统中心控制台的可选WEB应用程序。 Symantec Reporting Server处理输出数据存在设计错误,远程攻击者可以利用漏洞以应用程序权限执行任意程序。 报告服务器导出数据处理建立的文件可被未授权用户建立恶意可执行文件并执行。导致获得对应用程序的控制。 Symantec Reporting Server 1.0.197.0 Symantec Client Security 3.1 .401 Symantec Client Security 3.1 .400 Symantec Client Security...
Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities
The remote host is running Symantec Reporting Server, a web-based tool for creating reports about Symantec enterprise antivirus products. The version of Symantec Reporting Server installed on the remote host allows a remote attacker to bypass authentication to various scripts and gain access to t...
Symantec Reporting Server远程权限提升漏洞
Symantec Reporting Server是Symantec System Center控制台中的一个可选组件,用于创建报表。 Symantec Reporting Server在执行数据导出的过程中存在漏洞,远程攻击者可能利用此漏洞非授权访问服务器。 由于没有正确地初始化变量,非授权用户可能在从Reporting Server导出数据过程中控制所创建的文件,然后执行该文件,导致以Web Server用户的权限访问服务器。 Symantec Reporting Server 1.0.197.0 卸载Reporting Server,限制对SCS控制台和Reporting...
CVE-2007-3095
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, allows attackers to "disable the authentication system" and bypass authenticati...
Authentication flaw
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, allows attackers to "disable the authentication system" and bypass authenticati...
CVE-2007-3095
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, allows attackers to "disable the authentication system" and bypass authenticati...
CVE-2007-3095
The vulnerability CVE-2007-3095 affects Symantec Reporting Server versions prior to 1.0.224.0 (including 1.0.197.0) as used with Symantec Client Security 3.1+ and SAV CE 10.1+. The issue is an authentication bypass that allows an attacker to disable authentication and access restricted functional...
SYM07-012 Symantec Reporting Server elevation of privilege
SYM07-012 Symantec Reporting Server Elevation of Privilege June 5, 2007 Risk Impact Medium Remote Access: Yes Local Access: Yes Authentication Required: No Exploit available: No Overview Files created by a Reporting Server may be accessible to an unauthorized user. Affected Products Reporting...
CVE-2007-3022
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attacke...
Code injection
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via...
Design/Logic Flaw
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attacke...
CVE-2007-3021
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via...
CVE-2007-3022
Symantec Reporting Server (versions affected: 1.0.197.0 up to 1.0.224.0), used with Symantec Client Security 3.1 and SAV CE 10.1, discloses the password hash for a user after a failed login. This plaintext-like disclosure enables brute-force attempts and could let an attacker gain access to the R...
CVE-2007-3022
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attacke...