149 matches found
CVE-2006-0231
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications...
CVE-2006-0230
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests...
CVE-2006-0231
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications...
CVE-2006-0230
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests...
CVE-2006-0230
Symantec Scan Engine 5.0.0.24 (and possibly earlier 5.0.x) is affected by an authentication design flaw that trusts the client-side applet to verify passwords. An unauthenticated remote attacker can gain administrative privileges by sending crafted XML requests to the server, effectively bypassin...
CVE-2006-0231
Symantec Scan Engine 5.0.0.24 (and possibly earlier versions before 5.1.0.7) uses the same private DSA key for all installations, enabling remote attackers to perform man-in-the-middle attacks and decrypt communications. Root cause: a single immutable DSA private key embedded in the SSL server ac...
CVE-2006-0232
Symantec Scan Engine CVE-2006-0232 affects v5.0.0.24 (and possibly earlier) where sensitive files (logs, virus definitions) are stored under the web root with weak access control, enabling unauthenticated remote downloads via direct HTTP requests. Rapid7 advisory confirms the vulnerability allows...
CVE-2006-0232
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...
Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities
The remote host appears to be running Symantec Scan Engine. This version of Scan Engine is vulnerable to several flaws that could allow a remote attacker to take control of the scan engine. The following flaws are present: - Fixed HTTPS certificate key - Configuration file retrieval with...
Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
Rapid7, LLC Security Advisory Rapid7 Advisory R7-0021 Symantec Scan Engine Authentication Fundamental Design Error Published: April 21, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0021.html CVE: CVE-2006-0230 1. Affected systems: KNOWN VULNERABLE: o Symantec Scan Engine v5.0.0.24 KNOWN...
Multiple Symantec Scan Engine network content filtering server security vulnerabilities
Administrative interface passwords are checked on client side, fixed encryption key is used, critical information leak...
Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key
Rapid7, LLC Security Advisory Rapid7 Advisory R7-0022 Symantec Scan Engine Known Immutable DSA Private Key Published: April 21, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0022.html CVE: CVE-2006-0231 1. Affected systems: KNOWN VULNERABLE: o Symantec Scan Engine v5.0.0.24 KNOWN FIXED: ...
Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability
Rapid7, LLC Security Advisory Rapid7 Advisory R7-0023 Symantec Scan Engine File Disclosure Vulnerability Published: April 21, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0023.html CVE: CVE-2006-0232 1. Affected systems: KNOWN VULNERABLE: o Symantec Scan Engine v5.0.0.24 KNOWN FIXED: o...
[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Symantec Scan Engine Multiple Vulnerabilities Threat: Moderate Impact: Unauthorized access Product: Symantec Scan Engine Situation Overview: Three vulnerabilities have been discovered in the Symantec Scan Engine. Symantec Scan Engine is a...
Symantec Scan Engine Multiple Vulnerabilities
SUMMARY Three vulnerabilities have been discovered in the Symantec Scan Engine. Symantec Scan Engine is a TCP/IP server and programming interface that enables third parties to incorporate support for Symantec content scanning technologies into their proprietary applications. This gateway-level...
Symantec Scan Engine 5.0.x - Change Admin Password
Symantec Scan Engine 5.0.x - Change Admin Password !/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with or witho...
Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit
Exploit for cgi platform in category remote exploits ================================================================= Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit ================================================================= !/usr/bin/perl -w Remotely change the...
Symantec Scan Engine 5.0.x - Change Admin Password
!/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the...
Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit
No description provided by source. !/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 marcbevandatrapid7.com Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with o...
Symantec AntiVirus Decomposition Buffer Overflow
SUMMARY Symantec is aware of a buffer overflow in its AntiVirus component used to decompose RAR Roshal Archive. A specially crafted RAR file could potentially cause this buffer overflow to occur and possibly execute hostile content from the RAR file on the targeted system. Risk Impact High Remote...