Lucene search
+L

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2012-0340

Malware in sbrugna...

6.9CVSS6.3AI score0.00347EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-1719

Malware in sbrugna...

7.5CVSS6.2AI score0.01412EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-1718

Malware in sbrugna...

7.5CVSS6.1AI score0.02639EPSS
Exploits1References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Symantec LiveUpdate Administrator Management GUI HTML Injection

No description provided by source. Source: http://www.securityfocus.com/bid/46856/info Symantec LiveUpdate Administrator is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentiall...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2014/04/03 12:0 a.m.12 views

Symantec LiveUpdate Administrator Version Detection

Detects the installed version of Symantec LiveUpdate Administrator. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7AI score
Exploits0
securityvulns
securityvulns
added 2014/03/31 12:0 a.m.82 views

SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator

SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...

7.5CVSS0.5AI score0.02639EPSS
Exploits2
NVD
NVD
added 2014/03/29 1:55 a.m.20 views

CVE-2014-1644

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...

7.5CVSS6.6AI score0.02639EPSS
Exploits1References4
NVD
NVD
added 2014/03/29 1:55 a.m.21 views

CVE-2014-1645

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.2AI score0.01412EPSS
Exploits1References4
Prion
Prion
added 2014/03/29 1:55 a.m.30 views

Sql injection

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.01412EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2014/03/29 1:0 a.m.25 views

CVE-2014-1645

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

8.2AI score0.01412EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/06/28 12:0 a.m.37 views

Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)

The version of LiveUpdate Administrator running on the remote host is earlier than 2.3.2. Such versions have a privilege escalation vulnerability due to insecure file permissions set by a default installation. The webapps directory allows write access to the Everyone group. A local, unprivileged...

6.9CVSS5.6AI score0.00347EPSS
Exploits1References4
Symantec
Symantec
added 2012/06/15 8:0 a.m.34 views

Symantec LiveUpdate Administrator 2.3 Insecure File Permissions

SUMMARY Symantec LiveUpdate Administrator 2.3 and prior install some files with insecure file permissions during a default installation. These files allow full control permission to everyone which could result in arbitrary command execution with elevated privileges on the system. AFFECTED PRODUCT...

6.9CVSS0.2AI score0.00347EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/05/18 12:0 a.m.20 views

Symantec LiveUpdate Administrator Insecure Permissions Local Privilege Escalation (credentialed check)

The version of Symantec LiveUpdate Administrator LUA installed on the remote host has a privilege escalation vulnerability. The installation directory allows write access to the Everyone group. This directory contains batch files that are periodically executed as SYSTEM. A local, unprivileged...

6.9CVSS5.6AI score0.00347EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2011/03/29 12:0 a.m.37 views

Symantec LiveUpdate Administrator Web Detection

Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid53208; scriptversion"1.7"; scriptcvsdate"Date: 2019/11/22";...

5.4AI score
Exploits0References1
Prion
Prion
added 2011/03/28 6:55 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the management login GUI page in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different...

4.3CVSS6AI score0.0421EPSS
Exploits4References9Affected Software1
NVD
NVD
added 2011/03/28 6:55 p.m.20 views

CVE-2011-1524

Cross-site scripting XSS vulnerability in the management login GUI page in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different...

4.3CVSS5.5AI score0.0421EPSS
Exploits1References9
CVE
CVE
added 2011/03/28 6:0 p.m.54 views

CVE-2011-1524

CVE-2011-1524 is an XSS vulnerability in the Symantec LiveUpdate Administrator (LUA) management login GUI prior to version 2.3. The issue allows remote attackers to inject arbitrary script via the username field, demonstrated by inserting an IFRAME into the event log. Affected component is the LU...

4.3CVSS5.6AI score0.0421EPSS
Exploits1References9Affected Software1
Prion
Prion
added 2011/03/28 4:55 p.m.17 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in adduser.do in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole...

6.8CVSS7.7AI score0.02937EPSS
Exploits3References10Affected Software1
CVE
CVE
added 2011/03/28 4:0 p.m.58 views

CVE-2011-0545

CVE-2011-0545 describes a cross-site request forgery in Symantec LiveUpdate Administrator (LUA) prior to version 2.3. The vulnerability occurs in the adduser.do endpoint via the userRole parameter, allowing a remote attacker to hijack administrator authentication to create new administrative acco...

6.8CVSS7.6AI score0.02937EPSS
Exploits3References10Affected Software1
Packet Storm
Packet Storm
added 2011/03/22 12:0 a.m.65 views

Symantec LiveUpdate Administrator Cross Site Request Forgery

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 111 111001 111111111 0 10 1111 0 11 11 111111111 1 1101 10...

6.8CVSS6.5AI score0.02937EPSS
Exploits3
Rows per page
Query Builder