Vulnerabilities > Symantec > High

DATE CVE VULNERABILITY TITLE RISK
2004-04-15 CVE-2004-0217 Link Following vulnerability in Symantec Antivirus Scan Engine 4.0/4.3
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
local
high complexity
symantec CWE-59
7.0
2004-03-15 CVE-2004-0190 Unspecified vulnerability in Symantec products
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
network
low complexity
symantec
7.5
2004-02-03 CVE-2003-0994 Unspecified vulnerability in Symantec products
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
local
low complexity
symantec
7.2
2003-12-15 CVE-2003-0936 Unspecified vulnerability in Symantec Pcanywhere 10.0/10.5/11.0
Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
local
low complexity
symantec
7.2
2003-08-07 CVE-2003-0470 Buffer Overflow vulnerability in Symantec Security Check RuFSI ActiveX Control
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.
network
low complexity
symantec
7.5
2003-06-09 CVE-2002-1463 Unspecified vulnerability in Symantec products
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
network
low complexity
symantec
7.5
2003-04-02 CVE-2003-0106 Unspecified vulnerability in Symantec Enterprise Firewall 7.0
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
network
low complexity
symantec
7.5
2003-03-31 CVE-2002-1540 Unspecified vulnerability in Symantec Norton Antivirus Corporate7.5/Corporate7.51/Corporate7.6
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.
local
low complexity
symantec
7.2
2002-12-31 CVE-2002-2317 Information Exposure vulnerability in Symantec Velociraptor 1.0
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
network
low complexity
symantec CWE-200
7.8
2002-12-31 CVE-2002-2206 Local Denial of Service vulnerability in Symantec Norton Antivirus 2001
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.
network
low complexity
symantec
7.8