Vulnerabilities > Symantec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-03-15 | CVE-2004-0192 | Cross-Site Scripting vulnerability in Symantec Gateway Security 5400 2.0 Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. network symantec | 6.8 |
| 2004-03-15 | CVE-2004-0190 | Unspecified vulnerability in Symantec products Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | 7.5 |
| 2004-02-03 | CVE-2003-0994 | Unspecified vulnerability in Symantec products The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. | 7.2 |
| 2003-12-31 | CVE-2003-1451 | Buffer Errors vulnerability in Symantec Norton Antivirus 2002 Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename. | 6.4 |
| 2003-12-31 | CVE-2003-1310 | Unspecified vulnerability in Symantec Norton Antivirus 2002/2003 The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack"). | 4.6 |
| 2003-12-15 | CVE-2003-0936 | Unspecified vulnerability in Symantec Pcanywhere 10.0/10.5/11.0 Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe. | 7.2 |
| 2003-10-27 | CVE-2003-1149 | Cross-Site Scripting vulnerability in Symantec Norton Internet Security 20036.0.4.34 Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page. network symantec | 4.3 |
| 2003-08-07 | CVE-2003-0470 | Buffer Overflow vulnerability in Symantec Security Check RuFSI ActiveX Control Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. | 7.5 |
| 2003-06-09 | CVE-2002-1463 | Unspecified vulnerability in Symantec products Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. | 7.5 |
| 2003-04-02 | CVE-2003-0106 | Unspecified vulnerability in Symantec Enterprise Firewall 7.0 The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8. | 7.5 |