Filtered by vendor Symantec
Subscriptions
Total
571 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-3072 | 1 Symantec | 1 Security Information Manager | 2024-11-21 | N/A |
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation. | ||||
CVE-2006-2630 | 1 Symantec | 2 Client Security, Norton Antivirus | 2024-11-21 | N/A |
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. | ||||
CVE-2006-2341 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2024-11-21 | N/A |
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. | ||||
CVE-2006-1836 | 1 Symantec | 6 Liveupdate, Norton Antivirus, Norton Internet Security and 3 more | 2024-11-21 | N/A |
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. | ||||
CVE-2006-1286 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2024-11-21 | N/A |
Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database. | ||||
CVE-2006-1285 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2024-11-21 | N/A |
SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information. | ||||
CVE-2006-1284 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2024-11-21 | N/A |
The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks. | ||||
CVE-2006-0522 | 1 Symantec | 1 Sygate Management Server | 2024-11-21 | N/A |
SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL. | ||||
CVE-2006-0232 | 1 Symantec | 1 Antivirus Scan Engine | 2024-11-21 | N/A |
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. | ||||
CVE-2006-0231 | 1 Symantec | 1 Antivirus Scan Engine | 2024-11-21 | N/A |
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. | ||||
CVE-2006-0230 | 1 Symantec | 1 Antivirus Scan Engine | 2024-11-21 | N/A |
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests. | ||||
CVE-2006-0166 | 1 Symantec | 1 Norton System Works | 2024-11-21 | N/A |
Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. | ||||
CVE-2005-4695 | 1 Symantec | 1 Brightmail Antispam | 2024-11-21 | N/A |
Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages. | ||||
CVE-2005-3934 | 1 Symantec | 1 Pcanywhere | 2024-11-21 | N/A |
Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors. | ||||
CVE-2005-3768 | 1 Symantec | 10 Enterprise Firewall, Firewall Vpn Appliance 100, Firewall Vpn Appliance 200 and 7 more | 2024-11-21 | N/A |
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||
CVE-2005-3316 | 1 Symantec | 2 Discovery, On Command Discovery | 2024-11-21 | N/A |
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. | ||||
CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2024-11-21 | N/A |
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | ||||
CVE-2005-3217 | 1 Symantec | 1 Antivirus Scan Engine | 2024-11-21 | N/A |
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | ||||
CVE-2005-2766 | 1 Symantec | 1 Norton Antivirus | 2024-11-21 | N/A |
Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. | ||||
CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2024-11-21 | N/A |
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. |