CVE-2017-6326

Public exploit
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
Max CVSS
10.0
EPSS Score
34.04%
Published
2017-06-26
Updated
2019-10-03

CVE-2016-2203

Public exploit
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
Max CVSS
7.8
EPSS Score
0.10%
Published
2016-04-22
Updated
2019-06-25

CVE-2015-1489

Public exploit
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
Max CVSS
8.5
EPSS Score
40.57%
Published
2015-08-01
Updated
2017-09-21

CVE-2015-1487

Public exploit
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
Max CVSS
5.5
EPSS Score
72.55%
Published
2015-08-01
Updated
2017-09-21

CVE-2015-1486

Public exploit
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
Max CVSS
7.5
EPSS Score
61.62%
Published
2015-08-01
Updated
2017-09-21

CVE-2014-7285

Public exploit
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
Max CVSS
6.5
EPSS Score
45.07%
Published
2014-12-17
Updated
2017-01-03

CVE-2014-1649

Public exploit
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
Max CVSS
7.9
EPSS Score
97.49%
Published
2014-05-16
Updated
2014-07-24

CVE-2013-5015

Public exploit
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.57%
Published
2014-02-14
Updated
2015-07-30

CVE-2013-5014

Public exploit
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
7.5
EPSS Score
83.18%
Published
2014-02-14
Updated
2014-03-26

CVE-2012-4347

Public exploit
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
Max CVSS
5.0
EPSS Score
90.96%
Published
2012-12-05
Updated
2013-10-11

CVE-2012-3579

Public exploit
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
Max CVSS
7.9
EPSS Score
10.80%
Published
2012-08-29
Updated
2017-08-29

CVE-2012-2953

Public exploit
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
Max CVSS
10.0
EPSS Score
96.27%
Published
2012-07-23
Updated
2017-12-22

CVE-2012-0299

Public exploit
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
Max CVSS
10.0
EPSS Score
96.99%
Published
2012-05-21
Updated
2017-12-05

CVE-2012-0297

Public exploit
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Max CVSS
10.0
EPSS Score
97.42%
Published
2012-05-21
Updated
2017-12-05

CVE-2010-0111

Public exploit
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
Max CVSS
9.3
EPSS Score
25.83%
Published
2011-01-31
Updated
2017-08-17

CVE-2009-3033

Public exploit
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Max CVSS
9.3
EPSS Score
96.28%
Published
2009-11-25
Updated
2017-08-17

CVE-2009-3031

Public exploit
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
Max CVSS
9.3
EPSS Score
95.42%
Published
2009-11-03
Updated
2018-10-10

CVE-2009-3028

Public exploit
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
Max CVSS
6.8
EPSS Score
72.80%
Published
2011-03-07
Updated
2013-02-07

CVE-2009-1430

Public exploit
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.
Max CVSS
9.3
EPSS Score
97.21%
Published
2009-04-29
Updated
2018-10-10

CVE-2009-1429

Public exploit
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.
Max CVSS
10.0
EPSS Score
97.03%
Published
2009-04-29
Updated
2017-08-17

CVE-2008-4388

Public exploit
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
Max CVSS
9.3
EPSS Score
91.58%
Published
2009-01-20
Updated
2009-05-18

CVE-2008-2286

Public exploit
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
Max CVSS
7.5
EPSS Score
30.19%
Published
2008-05-18
Updated
2018-10-11

CVE-2007-6016

Public exploit
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
Max CVSS
9.3
EPSS Score
96.08%
Published
2008-02-29
Updated
2017-09-29

CVE-2007-1689

Public exploit
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
Max CVSS
10.0
EPSS Score
95.59%
Published
2007-05-16
Updated
2018-10-16

CVE-2006-2630

Public exploit
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
Max CVSS
10.0
EPSS Score
97.18%
Published
2006-05-27
Updated
2018-10-18
571 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!