6 matches found
CVE-2016-5305
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 contains multiple DOM-based cross-site scripting vulnerabilities in SEPM management scripts. The issue is triggered by unsanitized input in the DOM link manipulation pathway, allowing remote authenticated users to inject arbitrary we...
CVE-2015-8152
CVE-2015-8152 affects Symantec Endpoint Protection Manager (SEPM) 12.1 up to RU6-MP4. The issue is a cross-site request forgery (CSRF) vulnerability in logging scripts that enables a remote authenticated attacker to hijack administrator authentication and execute arbitrary code through crafted lo...
CVE-2015-6555
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port...
Authentication flaw
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session...
Symantec Endpoint Protection Manager Remote Command Execution Exploit
Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected. import argparse import httplib """ Exploit Title: Symantec Endpoint Protection Manager Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE:...
Symantec Endpoint Protection Manager Vulnerabilities
SUMMARY: The management console for Symantec Endpoint Protection Manager does not properly handle external XML data, which could potentially allow unauthorized access to restricted server-side data and console management functionality. The management console for Symantec Endpoint Protection Manage...