Vulnerabilities > Symantec > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-23 | CVE-2012-0305 | Unspecified vulnerability in Symantec Backup Exec System Recovery and System Recovery: Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 4.4 |
2012-07-05 | CVE-2012-0303 | Cross-Site Request Forgery (CSRF) vulnerability in Symantec Message Filter: Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. | 6.8 |
2012-07-05 | CVE-2012-0302 | Cross-Site Scripting vulnerability in Symantec Message Filter 6.3: Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-05 | CVE-2012-0301 | Improper Authentication vulnerability in Symantec Message Filter: Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | 5.4 |
2012-06-22 | CVE-2012-0304 | Permissions, Privileges, and Access Controls vulnerability in Symantec LiveUpdate Administrator: Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | 6.9 |
2012-05-24 | CVE-2012-1821 | Unspecified vulnerability in Symantec Endpoint Protection: The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. | 5.0 |
2012-05-23 | CVE-2012-0294 | Path Traversal vulnerability in Symantec Endpoint Protection 12.1/12.1.1000/12.1.671: Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. | 5.8 |
2012-05-21 | CVE-2012-0298 | Permissions, Privileges, and Access Controls vulnerability in Symantec Web Gateway 5.0/5.0.1/5.0.2: The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. | 6.4 |
2012-05-21 | CVE-2012-0296 | Cross-Site Scripting vulnerability in Symantec Web Gateway 5.0/5.0.1/5.0.2: Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-03-21 | CVE-2012-1462 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. | 4.3 |