Lucene search
+L

46 matches found

seebug.org
seebug.org
added 2009/05/01 12:0 a.m.33 views

Symantec杀毒软件Reporting Server组件URL处理漏洞

BUGTRAQ ID: 34668 CVECAN ID: CVE-2009-1432 Symantec AntiVirus是非常流行的杀毒解决方案。 Reporting Server是Symantec杀毒软件产品中所使用的用于创建有关企业网络中Symantec杀毒产品报表的可选组件。Reporting Server组件的登录屏幕存在URL处理错误,如果用户受骗跟随了恶意链接就会导致在登录屏幕上显示误导性消息,这有助于攻击者执行网络钓鱼类的欺骗攻击。 Symantec Client Security 3.1 Symantec AntiVirus Corporate Edition 10.2...

5CVSS6.4AI score0.04225EPSS
Exploits1
NVD
NVD
added 2009/04/30 8:30 p.m.25 views

CVE-2009-1432

Symantec Reporting Server, as used in Symantec AntiVirus SAV Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security SCS before 3.1 MR8, and the Symantec Endpoint Protection Manager SEPM component in Symantec Endpoint Protection SEP before 11.0 MR2, allows remote...

5CVSS6.6AI score0.04225EPSS
Exploits1References10
Cvelist
Cvelist
added 2009/04/30 8:0 p.m.27 views

CVE-2009-1432

Symantec Reporting Server, as used in Symantec AntiVirus SAV Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security SCS before 3.1 MR8, and the Symantec Endpoint Protection Manager SEPM component in Symantec Endpoint Protection SEP before 11.0 MR2, allows remote...

6.6AI score0.04225EPSS
Exploits1References10
Symantec
Symantec
added 2009/04/28 8:0 a.m.32 views

Symantec Reporting Server Improper URL Handling Exposure

SUMMARY The login web page in some versions of Symantec Reporting Server contains a URL handling error which could potentially allow an attacker to launch a phishing attack. AFFECTED PRODUCTS Product | Affected Version | Solution ---|---|--- Symantec AntiVirus Corporate Edition | 10.1 MR7 and...

5CVSS6.6AI score0.04225EPSS
Exploits1Affected Software1
securityvulns
securityvulns
added 2007/06/11 12:0 a.m.87 views

SYM07-011 Symantec Reporting Server password disclosure

SYM07-011: Symantec Reporting Server Password Disclosure June 5, 2007 Risk Impact: Medium Remote Access: Yes Local Access: Yes Authentication Required:Yes Exploit available: No Overview The administrator password for Symantec Reporting Server could be disclosed after a failed login attempt...

4.3CVSS0.02052EPSS
Exploits0
securityvulns
securityvulns
added 2007/06/11 12:0 a.m.62 views

Multiple Symantec antiviral products Reporting Server code execution

It's possible to spoof executable report file. Password hash is leaked during failed logon attempt...

7.5CVSS1.6AI score0.02052EPSS
Exploits0References2Affected Software2
seebug.org
seebug.org
added 2007/06/10 12:0 a.m.29 views

Symantec System Center报告服务器远程特权提升漏洞

Symantec Reporting Server是一款Symantec系统中心控制台的可选WEB应用程序。 Symantec Reporting Server处理输出数据存在设计错误,远程攻击者可以利用漏洞以应用程序权限执行任意程序。 报告服务器导出数据处理建立的文件可被未授权用户建立恶意可执行文件并执行。导致获得对应用程序的控制。 Symantec Reporting Server 1.0.197.0 Symantec Client Security 3.1 .401 Symantec Client Security 3.1 .400 Symantec Client Security...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/06/08 12:0 a.m.37 views

Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities

The remote host is running Symantec Reporting Server, a web-based tool for creating reports about Symantec enterprise antivirus products. The version of Symantec Reporting Server installed on the remote host allows a remote attacker to bypass authentication to various scripts and gain access to t...

9CVSS5.6AI score0.02155EPSS
Exploits0References5
seebug.org
seebug.org
added 2007/06/07 12:0 a.m.32 views

Symantec Reporting Server远程权限提升漏洞

Symantec Reporting Server是Symantec System Center控制台中的一个可选组件,用于创建报表。 Symantec Reporting Server在执行数据导出的过程中存在漏洞,远程攻击者可能利用此漏洞非授权访问服务器。 由于没有正确地初始化变量,非授权用户可能在从Reporting Server导出数据过程中控制所创建的文件,然后执行该文件,导致以Web Server用户的权限访问服务器。 Symantec Reporting Server 1.0.197.0 卸载Reporting Server,限制对SCS控制台和Reporting...

7.1AI score
Exploits0
NVD
NVD
added 2007/06/06 10:30 p.m.22 views

CVE-2007-3095

Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, allows attackers to "disable the authentication system" and bypass authenticati...

9CVSS6.7AI score0.02155EPSS
Exploits0References7
Prion
Prion
added 2007/06/06 10:30 p.m.25 views

Authentication flaw

Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, allows attackers to "disable the authentication system" and bypass authenticati...

9CVSS6.9AI score0.02155EPSS
Exploits0References7Affected Software3
Cvelist
Cvelist
added 2007/06/06 10:0 p.m.29 views

CVE-2007-3095

Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, allows attackers to "disable the authentication system" and bypass authenticati...

6.7AI score0.02155EPSS
Exploits0References7
CVE
CVE
added 2007/06/06 10:0 p.m.55 views

CVE-2007-3095

The vulnerability CVE-2007-3095 affects Symantec Reporting Server versions prior to 1.0.224.0 (including 1.0.197.0) as used with Symantec Client Security 3.1+ and SAV CE 10.1+. The issue is an authentication bypass that allows an attacker to disable authentication and access restricted functional...

9CVSS6.7AI score0.02155EPSS
Exploits0References7Affected Software3
securityvulns
securityvulns
added 2007/06/06 12:0 a.m.116 views

SYM07-012 Symantec Reporting Server elevation of privilege

SYM07-012 Symantec Reporting Server Elevation of Privilege June 5, 2007 Risk Impact Medium Remote Access: Yes Local Access: Yes Authentication Required: No Exploit available: No Overview Files created by a Reporting Server may be accessible to an unauthorized user. Affected Products Reporting...

7.5CVSS0.1AI score0.02024EPSS
Exploits0
NVD
NVD
added 2007/06/05 9:30 p.m.27 views

CVE-2007-3022

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attacke...

4.3CVSS6.6AI score0.02052EPSS
Exploits0References7
Prion
Prion
added 2007/06/05 9:30 p.m.21 views

Code injection

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via...

7.5CVSS6.8AI score0.02024EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2007/06/05 9:30 p.m.27 views

Design/Logic Flaw

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attacke...

4.3CVSS7AI score0.02052EPSS
Exploits0References7Affected Software3
NVD
NVD
added 2007/06/05 9:30 p.m.21 views

CVE-2007-3021

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via...

7.5CVSS6.5AI score0.02024EPSS
Exploits0References7
CVE
CVE
added 2007/06/05 9:0 p.m.68 views

CVE-2007-3022

Symantec Reporting Server (versions affected: 1.0.197.0 up to 1.0.224.0), used with Symantec Client Security 3.1 and SAV CE 10.1, discloses the password hash for a user after a failed login. This plaintext-like disclosure enables brute-force attempts and could let an attacker gain access to the R...

4.3CVSS6.6AI score0.02052EPSS
Exploits0References7Affected Software3
Cvelist
Cvelist
added 2007/06/05 9:0 p.m.27 views

CVE-2007-3022

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attacke...

6.6AI score0.02052EPSS
Exploits0References7
Rows per page
Query Builder