51 matches found
EUVD-2001-0541
Malware in sbrugna...
EUVD-2003-0984
Malware in sbrugna...
EUVD-2014-1719
Malware in sbrugna...
EUVD-2001-1107
Malware in sbrugna...
EUVD-2012-0340
Malware in sbrugna...
EUVD-2006-1836
Malware in sbrugna...
EUVD-2011-0563
Malware in sbrugna...
EUVD-2014-1718
Malware in sbrugna...
EUVD-2002-0341
Malware in sbrugna...
Symantec LiveUpdate Administrator Management GUI HTML Injection
No description provided by source. Source: http://www.securityfocus.com/bid/46856/info Symantec LiveUpdate Administrator is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentiall...
Symantec LiveUpdate Administrator Version Detection
Detects the installed version of Symantec LiveUpdate Administrator. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...
Symantec LiveUpdate Administrator < 2.3.2.110 Multiple Vulnerabilities (SYM14-005)
The version of Symantec LiveUpdate Administrator 2.x hosted on the remote web server is prior to 2.3.2.110 2.3.2.1. It is, therefore, affected by the following vulnerabilities : - A flaw exists with the forgotten password functionality where the password for an authorized user account can be...
CVE-2014-1644
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)
The version of LiveUpdate Administrator running on the remote host is earlier than 2.3.2. Such versions have a privilege escalation vulnerability due to insecure file permissions set by a default installation. The webapps directory allows write access to the Everyone group. A local, unprivileged...
Information disclosure
Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...
Symantec LiveUpdate Administrator 2.3 Insecure File Permissions
SUMMARY Symantec LiveUpdate Administrator 2.3 and prior install some files with insecure file permissions during a default installation. These files allow full control permission to everyone which could result in arbitrary command execution with elevated privileges on the system. AFFECTED PRODUCT...