Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:symantec:liveupdate_administrator:2.3.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1645 |
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: March 28, 2014; 9:55:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1644 |
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. Published: March 28, 2014; 9:55:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-0304 |
Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. Published: June 22, 2012; 6:24:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |