Symantec : Security Vulnerabilities, CVEs, Published In October 2005
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.
Max CVSS
7.5
EPSS Score
0.20%
Published
2005-10-27
Updated
2013-07-07
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-10-21
Updated
2008-09-05
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
Max CVSS
5.1
EPSS Score
0.16%
Published
2005-10-14
Updated
2016-10-18
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue.
Max CVSS
7.2
EPSS Score
N/A
Published
2005-10-20
Updated
2011-03-08
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
1.95%
Published
2005-10-05
Updated
2017-07-11
5 vulnerabilities found