Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2013-5015

Published: 14/02/2014 Updated: 30/07/2015
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 660
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Symantec

Vulnerability Summary

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 prior to 11.0.7405.1424 and 12.1 prior to 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x prior to 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

symantec endpoint protection manager 11.0

symantec protection center 12.0

symantec endpoint protection manager 12.1.0

symantec endpoint protection manager 12.1.1

symantec endpoint protection manager 12.1.2

symantec endpoint protection manager 12.1.3

Exploits

Exploit DB: Symantec Endpoint Protection Manager - Remote Command Execution (Metasploit)
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include REXML include Msf::Exploit::CmdStagerVBS include Msf::Exploit::Remote: ...
Exploit DB: Symantec Endpoint Protection Manager 11.0/12.0/12.1 - Remote Command Execution
import argparse import httplib """ Exploit Title: Symantec Endpoint Protection Manager Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-5014, CVE-2013-5015 Date: February 22, 2014 Vendor Homepage: wwwsymanteccom/endpoint-protection Version: 110, 120, 121 Tested On: Windows Server 2003, default SEPM inst ...
Exploit DB: Symantec Endpoint Protection 12.1.4023.4080 XXE / XSS / Arbitrary File Write
Symantec Endpoint Protection version 12140234080 suffers from XXE injection, cross site scripting, and arbitrary file write vulnerabilities ...
Exploit DB: Symantec Endpoint Protection Manager Remote Command Execution
Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability Versions 110, 120, and 121 are affected ...

References

CWE-89http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00http://www.securityfocus.com/bid/65467https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txthttp://www.exploit-db.com/exploits/31853http://www.exploit-db.com/exploits/31917http://osvdb.org/103306https://nvd.nist.govhttps://www.exploit-db.com/exploits/31917/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook