Vulnerabilities > Symantec

DATE | CVE | VULNERABILITY TITLE | RISK

2005-10-27 | CVE-2005-3316 | Unspecified vulnerability in Symantec Discovery and ON Command Discovery
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.
Access: network | Complexity: low | Vendor: symantec | Risk: 7.5

2005-10-21 | CVE-2005-3270 | Local Privilege Escalation vulnerability in Symantec Norton Antivirus 9.0.3
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.
Access: local | Complexity: low | Vendor: symantec | Risk: 7.2

2005-10-20 | CVE-2005-2759 | Local Privilege Escalation vulnerability in Symantec Norton Antivirus 9.0.3
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges.
Access: local | Complexity: low | Vendor: symantec | Risk: 7.2

2005-10-14 | CVE-2005-3217 | Unspecified vulnerability in Symantec Antivirus Scan Engine
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
Access: network | Complexity: high | Vendor: symantec | Risk: 5.1

2005-10-05 | CVE-2005-2758 | Buffer Overflow vulnerability in Symantec products
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
Access: network | Complexity: low | Vendor: symantec | Risk: critical, 10.0

2005-09-02 | CVE-2005-2766 | Unspecified vulnerability in Symantec Norton Antivirus 9.0.1.1.1000/9.0.4
Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server.
Access: local | Complexity: low | Vendor: symantec | Risk: 2.1

2005-08-30 | CVE-2005-2017 | Unspecified vulnerability in Symantec Norton Antivirus 9.0.1.1000
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
Access: network | Complexity: low | Vendor: symantec | Risk: critical, 10.0

2005-06-16 | CVE-2005-1970 | Local Privileged Command Execution vulnerability in Symantec PCAnywhere
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
Access: local | Complexity: low | Vendor: symantec | Risk: 7.2

2005-06-09 | CVE-2005-1867 | Remote Security vulnerability in Brightmail Anti-Spam
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.
Access: network | Complexity: low | Vendor: symantec | Risk: 7.5

2005-05-02 | CVE-2005-1346 | Denial-Of-Service vulnerability in Web Security
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
Access: network | Complexity: high | Vendor: symantec | Risk: 2.6