Lucene search
K

149 matches found

NVD
NVD
added 2006/04/25 1:2 a.m.25 views

CVE-2006-0231

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications...

6.4CVSS6.7AI score0.01936EPSS
Exploits0References9
NVD
NVD
added 2006/04/25 1:2 a.m.23 views

CVE-2006-0230

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests...

10CVSS6.9AI score0.16109EPSS
Exploits1References9
Cvelist
Cvelist
added 2006/04/25 1:0 a.m.27 views

CVE-2006-0231

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications...

6.7AI score0.01936EPSS
Exploits0References9
Cvelist
Cvelist
added 2006/04/25 1:0 a.m.22 views

CVE-2006-0230

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests...

6.9AI score0.16109EPSS
Exploits1References9
CVE
CVE
added 2006/04/25 1:0 a.m.55 views

CVE-2006-0230

Symantec Scan Engine 5.0.0.24 (and possibly earlier 5.0.x) is affected by an authentication design flaw that trusts the client-side applet to verify passwords. An unauthenticated remote attacker can gain administrative privileges by sending crafted XML requests to the server, effectively bypassin...

10CVSS6.9AI score0.16109EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2006/04/25 1:0 a.m.61 views

CVE-2006-0231

Symantec Scan Engine 5.0.0.24 (and possibly earlier versions before 5.1.0.7) uses the same private DSA key for all installations, enabling remote attackers to perform man-in-the-middle attacks and decrypt communications. Root cause: a single immutable DSA private key embedded in the SSL server ac...

6.4CVSS6.7AI score0.01936EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2006/04/25 1:0 a.m.55 views

CVE-2006-0232

Symantec Scan Engine CVE-2006-0232 affects v5.0.0.24 (and possibly earlier) where sensitive files (logs, virus definitions) are stored under the web root with weak access control, enabling unauthenticated remote downloads via direct HTTP requests. Rapid7 advisory confirms the vulnerability allows...

5CVSS6.4AI score0.02402EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2006/04/25 1:0 a.m.22 views

CVE-2006-0232

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...

6.4AI score0.02402EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2006/04/24 12:0 a.m.37 views

Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities

The remote host appears to be running Symantec Scan Engine. This version of Scan Engine is vulnerable to several flaws that could allow a remote attacker to take control of the scan engine. The following flaws are present: - Fixed HTTPS certificate key - Configuration file retrieval with...

10CVSS5.5AI score0.16109EPSS
Exploits2References3
securityvulns
securityvulns
added 2006/04/22 12:0 a.m.56 views

Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error

Rapid7, LLC Security Advisory Rapid7 Advisory R7-0021 Symantec Scan Engine Authentication Fundamental Design Error Published: April 21, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0021.html CVE: CVE-2006-0230 1. Affected systems: KNOWN VULNERABLE: o Symantec Scan Engine v5.0.0.24 KNOWN...

10CVSS0.1AI score0.16109EPSS
Exploits1
securityvulns
securityvulns
added 2006/04/22 12:0 a.m.41 views

Multiple Symantec Scan Engine network content filtering server security vulnerabilities

Administrative interface passwords are checked on client side, fixed encryption key is used, critical information leak...

1.7AI score
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2006/04/22 12:0 a.m.38 views

Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key

Rapid7, LLC Security Advisory Rapid7 Advisory R7-0022 Symantec Scan Engine Known Immutable DSA Private Key Published: April 21, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0022.html CVE: CVE-2006-0231 1. Affected systems: KNOWN VULNERABLE: o Symantec Scan Engine v5.0.0.24 KNOWN FIXED: ...

6.4CVSS0.4AI score0.01936EPSS
Exploits0
securityvulns
securityvulns
added 2006/04/22 12:0 a.m.52 views

Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability

Rapid7, LLC Security Advisory Rapid7 Advisory R7-0023 Symantec Scan Engine File Disclosure Vulnerability Published: April 21, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0023.html CVE: CVE-2006-0232 1. Affected systems: KNOWN VULNERABLE: o Symantec Scan Engine v5.0.0.24 KNOWN FIXED: o...

5CVSS6.7AI score0.02402EPSS
Exploits1
securityvulns
securityvulns
added 2006/04/22 12:0 a.m.38 views

[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Symantec Scan Engine Multiple Vulnerabilities Threat: Moderate Impact: Unauthorized access Product: Symantec Scan Engine Situation Overview: Three vulnerabilities have been discovered in the Symantec Scan Engine. Symantec Scan Engine is a...

0.4AI score
Exploits0
Symantec
Symantec
added 2006/04/21 8:0 a.m.19 views

Symantec Scan Engine Multiple Vulnerabilities

SUMMARY Three vulnerabilities have been discovered in the Symantec Scan Engine. Symantec Scan Engine is a TCP/IP server and programming interface that enables third parties to incorporate support for Symantec content scanning technologies into their proprietary applications. This gateway-level...

0.2AI score
Exploits0Affected Software1
exploitpack
exploitpack
added 2006/04/21 12:0 a.m.20 views

Symantec Scan Engine 5.0.x - Change Admin Password

Symantec Scan Engine 5.0.x - Change Admin Password !/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with or witho...

0.3AI score
Exploits0
0day.today
0day.today
added 2006/04/21 12:0 a.m.16 views

Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit

Exploit for cgi platform in category remote exploits ================================================================= Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit ================================================================= !/usr/bin/perl -w Remotely change the...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/04/21 12:0 a.m.43 views

Symantec Scan Engine 5.0.x - Change Admin Password

!/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/04/21 12:0 a.m.54 views

Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit

No description provided by source. !/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 marcbevandatrapid7.com Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with o...

7.1AI score
Exploits0
Symantec
Symantec
added 2005/12/21 8:0 a.m.24 views

Symantec AntiVirus Decomposition Buffer Overflow

SUMMARY Symantec is aware of a buffer overflow in its AntiVirus component used to decompose RAR Roshal Archive. A specially crafted RAR file could potentially cause this buffer overflow to occur and possibly execute hostile content from the RAR file on the targeted system. Risk Impact High Remote...

7.5CVSS7.2AI score0.06265EPSS
Exploits0Affected Software2
Rows per page
Query Builder