Vulnerabilities > Symantec

DATE CVE VULNERABILITY TITLE RISK
2006-08-05 CVE-2006-3457 Information Disclosure vulnerability in Symantec On-Demand Agent and On-Demand Protection
Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.
local
low complexity
symantec
2.1
2006-07-24 CVE-2006-3786 Local Security vulnerability in Symantec Pcanywhere 12.5
Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.
local
low complexity
symantec
3.6
2006-07-24 CVE-2006-3785 Local Security vulnerability in Symantec Pcanywhere 12.5
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
local
low complexity
symantec
2.1
2006-07-24 CVE-2006-3784 Local Security vulnerability in Symantec Pcanywhere 12.5
Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to log in as a local administrator.
local
low complexity
symantec
7.2
2006-07-21 CVE-2006-3725 Denial-Of-Service vulnerability in Symantec Norton Personal Firewall 2006 9.1.0.33
Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent registry keys.
local
low complexity
symantec
2.1
2006-06-19 CVE-2006-3072 Authentication Bypass vulnerability in Symantec Security Information Manager
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.
local
low complexity
symantec
4.6
2006-05-27 CVE-2006-2630 Remote Stack Buffer Overflow vulnerability in Symantec Client Security and Norton Antivirus
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
network
low complexity
symantec
critical
10.0
2006-05-12 CVE-2006-2341 Information Exposure vulnerability in Symantec Enterprise Firewall and Gateway Security
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a GET request without a space separating the URI.
network
low complexity
symantec CWE-200
5.0
2006-04-25 CVE-2006-0232 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
network
low complexity
symantec
5.0
2006-04-25 CVE-2006-0231 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
network
low complexity
symantec
6.4