6 matches found
CVE-2011-0554
Symantec IM Manager (web console) is affected by CVE-2011-0554. The vulnerability exists in the management console/web interface and stems from improper validation of HTTP parameters (rdProcess), allowing remote attackers to execute arbitrary code. Exploitation can occur via crafted requests sent...
CVE-2009-3036
Summary of CVE-2009-3036: Symantec IM Manager Console is affected by a cross-site scripting (XSS) vulnerability in the management console. The issue allows an attacker to inject arbitrary HTML/script into a user’s browser when authenticated to the console, due to improper input handling. Affected...
CVE-2010-0112
CVE-2010-0112 — Symantec IM Manager before version 8.4.16 is affected by multiple SQL injection vulnerabilities in the Administrative Interface (IIS extension). The issues allow remote attackers to inject SQL via numerous parameters (e.g., rdReport, DetailReportGroup, SummaryReportGroup, LoggedIn...
CVE-2011-0552
CVE-2011-0552 affects Symantec IM Manager
CVE-2011-0553
The CVE-2011-0553 entry concerns Symantec IM Manager: an SQL injection in the management console (IMAdminLDAPConfig.asp) due to insufficient input validation. A remote attacker could exploit the flaw to execute arbitrary SQL on the underlying database (some sources note authentication is required...
CVE-2010-3719
Summary: CVE-2010-3719 affects Symantec IM Manager. The vulnerability resides in the admin interface’s ScheduleTask function (IMAdminSchedTask.asp) and involves improper sanitization of POST input passed to an eval() call. Affected product is Symantec IM Manager up to version 8.4.16; exploitation...