Vulnerabilities > Symantec > Critical

DATE CVE VULNERABILITY TITLE RISK
2007-05-16 CVE-2007-1173 Remote Buffer Overflow vulnerability in Multiple Vendor XFERWAN.EXE
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
network
low complexity
centennial numara symantec
critical
10.0
2007-05-16 CVE-2007-1689 Buffer Overflow vulnerability in Symantec Norton Personal Firewall 2004 ActiveX Control
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
network
low complexity
symantec
critical
10.0
2007-04-30 CVE-2007-2375 Remote Upgrade Remote Code Execution vulnerability in Symantec Enterprise Security Manager
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
network
low complexity
symantec
critical
10.0
2007-03-03 CVE-2007-1252 Unspecified vulnerability in Symantec Mail Security 5.0
Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message.
network
symantec
critical
9.3
2007-02-22 CVE-2006-6490 Remote Buffer Overflow vulnerability in SupportSoft ActiveX Controls
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
network
low complexity
supportsoft symantec
critical
10.0
2006-12-14 CVE-2006-6222 Remote vulnerability in Symantec products
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix.
network
low complexity
symantec
critical
10.0
2006-12-14 CVE-2006-5822 Remote vulnerability in Symantec products
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222.
network
low complexity
symantec
critical
10.0
2006-12-14 CVE-2006-4902 Remote vulnerability in Symantec products
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
network
low complexity
symantec
critical
10.0
2006-05-27 CVE-2006-2630 Remote Stack Buffer Overflow vulnerability in Symantec Client Security and Norton Antivirus
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
network
low complexity
symantec
critical
10.0
2006-04-25 CVE-2006-0230 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
network
low complexity
symantec
critical
10.0