Computer Security
[EN] no-pyccku

Symantec Endpoint Protection Management security vulnerabilities
SecurityVulns ID:12876
Threat Level:
Description:Executable planting, remote PHP code execution.
Affected:SYMANTEC : Symantec Endpoint Protection 11.0
 SYMANTEC : Symantec Network Access Control 12.1
CVE:CVE-2012-4349 (Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors.)
 CVE-2012-4348 (The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.)
Original documentdocumentNCC Group Research, NGS00336 Patch Notification: Symantec Network Access Control Privilege Escalation (11.02.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod