Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script...

CVE-2015-8153

Symantec Endpoint Protection Manager (SEPM) 12.1 prior to RU6-MP4 is affected by CVE-2015-8153 (SQL injection). Interfaces with the SEPM backend allow a remote authenticated attacker to execute arbitrary SQL via unspecified vectors, potentially impacting data confidentiality, integrity, and avail...