Search Results (575 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5689 1 Symantec 2 Deployment Solution, Ghost Solutions Suite 2025-04-12 N/A
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.
CVE-2015-6554 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data.
CVE-2015-8156 1 Symantec 1 Endpoint Encryption 2025-04-12 N/A
Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
CVE-2016-3647 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.
CVE-2016-3650 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.
CVE-2015-1483 2 Linux, Symantec 2 Linux Kernel, Netbackup Opscenter 2025-04-12 N/A
Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors.
CVE-2013-5017 1 Symantec 1 Web Gateway 2025-04-12 N/A
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2015-8154 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
CVE-2016-5307 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.
CVE-2015-5690 1 Symantec 1 Web Gateway 2025-04-12 N/A
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."
CVE-2014-3433 1 Symantec 1 Data Insight 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.
CVE-2014-3434 1 Symantec 1 Endpoint Protection 2025-04-12 N/A
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
CVE-2014-3439 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2015-1486 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
CVE-2014-1644 1 Symantec 1 Liveupdate Administrator 2025-04-12 N/A
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.
CVE-2016-3653 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
CVE-2016-3652 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3651 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.
CVE-2016-3648 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window.
CVE-2014-1645 1 Symantec 1 Liveupdate Administrator 2025-04-12 N/A
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.