Computer Security
[EN] securityvulns.ru no-pyccku


Symantec LiveUpdate Administrator security vulnerabilities
Published:31.03.2014
Source:
SecurityVulns ID:13646
Type:remote
Threat Level:
6/10
Description:Unaurhorized access, SQL injection.
Affected:SYMANTEC : Symantec LiveUpdate Administrator 2.3
CVE:CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.)
Original documentdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator (31.03.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod