20 matches found
CVE-2015-8157
CVE-2015-8157 is a SQL injection in the Management Server of Symantec SES:CSP and related products. The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected products/versions include SES:CSP 1.0.x before 1.0 MP5, SES:CSP for Controllers and D...
CVE-2015-8798
CVE-2015-8798 describes a directory traversal vulnerability in the Management Server of Symantec’s SES:CSP/SDCS:SA family. Affected products include SES:CSP 1.0.x (before 1.0 MP5), SES:CSP for Controllers and Devices 6.5.0 (before MP1), SCSP 5.2.9 (before MP6), DCS:SA 6.x (before 6.5 MP1) and 6.6...
Symantec Data Center Security - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec Critical System Protection SCSP vulnerable version: see:...
Symantec Data Center Security - Multiple Vulnerabilities
Symantec Data Center Security - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec...
Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP security vulnerabilities
SQL injections, cross-site scripting, information disclosure, protection bypass...
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP
SEC Consult Vulnerability Lab Security Advisory 20150122-0 ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec Critical System Protection SCSP vulnerable version:...
Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec Critical System Protection SCSP vulnerable version: see:...
CVE-2014-9226
The management server in Symantec Critical System Protection SCSP 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors...
Code injection
The ajaxswing webui in the management server in Symantec Critical System Protection SCSP 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors...
CVE-2014-7289
CVE-2014-7289 is a SQL injection vulnerability in the management server of Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP). Affected versions include SCSP 5.2.9 before MP6 and SDCS:SA 6.0.x before 6.0 MP1, with exploitation via the /sis-ui/a...
CVE-2014-9225
The ajaxswing webui in the management server in Symantec Critical System Protection SCSP 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors...
CVE-2014-3440
CVE-2014-3440 affects Symantec Critical System Protection (SCSP) 5.2.9.x before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. The issue is a remote code execution vulnerability due to improper sanitization of user-uploaded log files in the Management Serv...
CVE-2014-9226
CVE-2014-9226 affects Symantec Data Center Security: Server Advanced (SDCS:SA) version 6.0 MP1 and Symantec Critical System Protection (SCSP) 5.2.9 MP6. The SEC Consult advisory documents multiple default Protection Policy bypasses in the SDCS:SA Client and related components that allow an unauth...
CVE-2014-9224
CVE-2014-9224 is a cross-site scripting vulnerability in the ajaxswing webui of the Symantec Critical System Protection (SCSP) Management Console and Symantec Data Center Security: Server Advanced (SDCS:SA). It allows remote authenticated users to inject arbitrary web script or HTML, via unspecif...
CVE-2014-3440
The Agent Control Interface in the management server in Symantec Critical System Protection SCSP 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...
CVE-2014-7289
SQL injection vulnerability in the management server in Symantec Critical System Protection SCSP 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...
CVE-2014-9225
The CVE-2014-9225 issue affects the ajaxswing webui in the Symantec Critical System Protection (SCSP) management server and the Symantec Data Center Security: Server Advanced (SDCS:SA) server. Affected versions are SCSP 5.2.9 through MP6 and SDCS:SA 6.0.x through 6.0 MP1. The vulnerability enable...
Symantec Data Center Security: Server Advanced, Multiple Security Issues on Management Server and Pr
SUMMARY The management server for Symantec Critical System Protection SCSP 5.2.9 and Data Center Security: Server Advanced SDCS:SA 6.0.x is susceptible to security issues which could enable privileged access to the management server. Rules in the prevention policies could be bypassed if deployed ...
CVE-2013-5016
Symantec Critical System Protection SCSP before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors...
CVE-2013-5016
Symantec Critical System Protection (SCSP) for Windows is affected by CVE-2013-5016 when installed on unpatched Windows Server 2003 R2 and running an SCSP version prior to 5.2.9. Remote attackers could bypass default policy settings via unspecified vectors, as discussed in the SYM14-008 advisory and...