20 matches found
EUVD-2012-0340
Malware in sbrugna...
EUVD-2014-1719
Malware in sbrugna...
EUVD-2014-1718
Malware in sbrugna...
Symantec LiveUpdate Administrator Management GUI HTML Injection
No description provided by source. Source: http://www.securityfocus.com/bid/46856/info Symantec LiveUpdate Administrator is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentiall...
Symantec LiveUpdate Administrator Version Detection
Detects the installed version of Symantec LiveUpdate Administrator. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...
CVE-2014-1644
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator LUA 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)
The version of LiveUpdate Administrator running on the remote host is earlier than 2.3.2. Such versions have a privilege escalation vulnerability due to insecure file permissions set by a default installation. The webapps directory allows write access to the Everyone group. A local, unprivileged...
Symantec LiveUpdate Administrator 2.3 Insecure File Permissions
SUMMARY Symantec LiveUpdate Administrator 2.3 and prior install some files with insecure file permissions during a default installation. These files allow full control permission to everyone which could result in arbitrary command execution with elevated privileges on the system. AFFECTED PRODUCT...
Symantec LiveUpdate Administrator Insecure Permissions Local Privilege Escalation (credentialed check)
The version of Symantec LiveUpdate Administrator LUA installed on the remote host has a privilege escalation vulnerability. The installation directory allows write access to the Everyone group. This directory contains batch files that are periodically executed as SYSTEM. A local, unprivileged...
Symantec LiveUpdate Administrator Web Detection
Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid53208; scriptversion"1.7"; scriptcvsdate"Date: 2019/11/22";...
Cross site scripting
Cross-site scripting XSS vulnerability in the management login GUI page in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different...
CVE-2011-1524
Cross-site scripting XSS vulnerability in the management login GUI page in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different...
CVE-2011-1524
CVE-2011-1524 is an XSS vulnerability in the Symantec LiveUpdate Administrator (LUA) management login GUI prior to version 2.3. The issue allows remote attackers to inject arbitrary script via the username field, demonstrated by inserting an IFRAME into the event log. Affected component is the LU...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in adduser.do in Symantec LiveUpdate Administrator LUA before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole...
CVE-2011-0545
CVE-2011-0545 describes a cross-site request forgery in Symantec LiveUpdate Administrator (LUA) prior to version 2.3. The vulnerability occurs in the adduser.do endpoint via the userRole parameter, allowing a remote attacker to hijack administrator authentication to create new administrative acco...
Symantec LiveUpdate Administrator Cross Site Request Forgery
NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 111 111001 111111111 0 10 1111 0 11 11 111111111 1 1101 10...