Lucene search
K
SymantecLiveupdate Administrator

5 matches found

CVE
CVE
added 2012/06/22 10:0 a.m.70 views

CVE-2012-0304

The CVE-2012-0304 entry concerns Symantec LiveUpdate Administrator prior to 2.3.1. The installation directory was configured with weak permissions (Everyone: Full Control), enabling a local unprivileged user to replace or modify files that can be executed with SYSTEM privileges via a Trojan horse...

6.9CVSS6.6AI score0.00347EPSS
CVE
CVE
added 2014/03/29 1:0 a.m.60 views

CVE-2014-1644

CVE-2014-1644 affects Symantec LiveUpdate Administrator (LUA) 2.x pre-2.3.2.110. The root cause is a flawed forgotten-password flow in the management GUI (/lua/forcepasswd.do) that allows unauthenticated password resets when the attacker knows the target email address, enabling potential full acc...

7.5CVSS6.7AI score0.02639EPSS
Web
CVE
CVE
added 2011/03/28 4:0 p.m.58 views

CVE-2011-0545

CVE-2011-0545 describes a cross-site request forgery in Symantec LiveUpdate Administrator (LUA) prior to version 2.3. The vulnerability occurs in the adduser.do endpoint via the userRole parameter, allowing a remote attacker to hijack administrator authentication to create new administrative acco...

6.8CVSS7.6AI score0.02937EPSS
CVE
CVE
added 2011/03/28 6:0 p.m.54 views

CVE-2011-1524

CVE-2011-1524 is an XSS vulnerability in the Symantec LiveUpdate Administrator (LUA) management login GUI prior to version 2.3. The issue allows remote attackers to inject arbitrary script via the username field, demonstrated by inserting an IFRAME into the event log. Affected component is the LU...

4.3CVSS5.6AI score0.0421EPSS
CVE
CVE
added 2014/03/29 1:0 a.m.51 views

CVE-2014-1645

CVE-2014-1645 is an SQL injection flaw in Symantec LiveUpdate Administrator (LUA) 2.x up to version 2.3.2.110, affecting the management GUI via forcepasswd.do and related password-recovery paths. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially exfiltrating...

7.5CVSS8.4AI score0.01412EPSS