Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-02-22 CVE-2012-0291 Improper Input Validation vulnerability in Symantec products
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response.
network
low complexity
symantec CWE-20
5.0
2012-01-25 CVE-2011-3479 Permissions, Privileges, and Access Controls vulnerability in Symantec Pcanywhere
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), use world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
local
low complexity
symantec CWE-264
6.8
2011-10-02 CVE-2011-0552 Cross-Site Scripting vulnerability in Symantec IM Manager
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp.
network
symantec CWE-79
4.3
2011-08-15 CVE-2011-0551 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection
Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
network
symantec CWE-352
6.8
2011-08-15 CVE-2011-0550 Cross-Site Scripting vulnerability in Symantec Endpoint Protection
Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.
network
symantec CWE-79
4.3
2011-05-31 CVE-2011-0546 Improper Input Validation vulnerability in Symantec Backup Exec
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
high complexity
symantec CWE-20
6.5
2011-03-28 CVE-2011-1524 Cross-Site Scripting vulnerability in Symantec Liveupdate Administrator
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
network
symantec CWE-79
4.3
2011-03-28 CVE-2011-0545 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Liveupdate Administrator 2.2.2.9
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.
network
symantec CWE-352
6.8
2011-03-07 CVE-2009-3028 Unspecified vulnerability in Symantec products
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x, exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
network
symantec
6.8
2010-12-22 CVE-2010-3268 Improper Input Validation vulnerability in multiple products
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
network
low complexity
intel symantec microsoft CWE-20
5.0