CVE-2014-7285

Public exploit
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
Max CVSS
6.5
EPSS Score
45.07%
Published
2014-12-17
Updated
2017-01-03

CVE-2014-1649

Public exploit
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
Max CVSS
7.9
EPSS Score
97.49%
Published
2014-05-16
Updated
2014-07-24

CVE-2013-5015

Public exploit
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.57%
Published
2014-02-14
Updated
2015-07-30

CVE-2013-5014

Public exploit
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
7.5
EPSS Score
83.18%
Published
2014-02-14
Updated
2014-03-26
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.06%
Published
2014-12-22
Updated
2019-02-26
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.93%
Published
2014-11-07
Updated
2018-10-09
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
4.83%
Published
2014-11-07
Updated
2018-10-09
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
7.5
EPSS Score
6.16%
Published
2014-11-07
Updated
2018-10-09
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
Max CVSS
5.0
EPSS Score
0.17%
Published
2014-08-22
Updated
2017-08-29
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
Max CVSS
6.9
EPSS Score
0.06%
Published
2014-08-06
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.
Max CVSS
4.3
EPSS Score
1.03%
Published
2014-06-27
Updated
2014-07-24
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
Max CVSS
4.3
EPSS Score
70.97%
Published
2014-06-27
Updated
2014-07-24
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.04%
Published
2014-06-21
Updated
2017-01-07
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.
Max CVSS
2.3
EPSS Score
26.04%
Published
2014-06-18
Updated
2017-12-28
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
5.8
EPSS Score
3.14%
Published
2014-06-18
Updated
2017-12-28
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
5.2
EPSS Score
0.20%
Published
2014-06-18
Updated
2017-12-28
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
Max CVSS
4.3
EPSS Score
43.03%
Published
2014-04-23
Updated
2015-08-06
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
Max CVSS
2.6
EPSS Score
0.31%
Published
2014-04-23
Updated
2014-04-24
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
Max CVSS
2.6
EPSS Score
0.31%
Published
2014-04-23
Updated
2014-04-24
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
43.00%
Published
2014-03-29
Updated
2014-03-31
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.
Max CVSS
7.5
EPSS Score
86.07%
Published
2014-03-29
Updated
2014-03-31
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.
Max CVSS
4.0
EPSS Score
0.16%
Published
2014-02-07
Updated
2018-01-03
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
9.8
EPSS Score
1.55%
Published
2014-06-18
Updated
2017-12-28
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors.
Max CVSS
4.3
EPSS Score
70.97%
Published
2014-02-11
Updated
2015-07-30
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.08%
Published
2014-02-11
Updated
2014-02-11
28 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!