Published: 25/04/2006 Updated: 19/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Symantec Scan Engine 5.0.0.24, and possibly other versions prior to 5.1.0.7, uses a client-side check to verify a password, which allows remote malicious users to gain administrator privileges via a modified client that sends certain XML requests.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec antivirus scan engine 5.0.0.24

#!/usr/bin/perl -w # # Remotely change the administrator password (or password hash) of # Symantec Scan Engine # # Author: Marc Bevand of Rapid7 <marc_bevand(at)rapid7com> # Copyright 2006 Rapid7, LLC All rights reserved # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the ...

NVD-CWE-Other http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html http://www.symantec.com/avcenter/security/Content/2006.04.21.html http://www.securityfocus.com/bid/17637 http://secunia.com/advisories/19734 http://www.kb.cert.org/vuls/id/118388 http://www.vupen.com/english/advisories/2006/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/25972 http://www.securityfocus.com/archive/1/431734/100/0/threaded http://www.securityfocus.com/archive/1/431724/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1703/https://www.kb.cert.org/vuls/id/118388

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-0230

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect