Symantec Antivirus Scan Engine 5.0.0.24

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor	Symantec	First view	2006-04-24
Product	Antivirus Scan Engine	Last view	2006-04-24
Version	5.0.0.24	Type	Application
Update	*
Edition	*
Language	*
Sofware Edition	*
Target Software	*
Target Hardware	*
Other	*

CPE Product	cpe:2.3:a:symantec:antivirus_scan_engine

Activity : Overall

Related : CVE

	Date	Alert	Description
5	2006-04-24	CVE-2006-0232	Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
6.4	2006-04-24	CVE-2006-0231	Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
10	2006-04-24	CVE-2006-0230	Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

Open Source Vulnerability Database (OSVDB)

id	Description
24904	Symantec AntiVirus Scan Engine Unauthenticated Arbitrary File Access
24903	Symantec AntiVirus Scan Engine Static DSA Key Encryption Weakness
24902	Symantec AntiVirus Scan Engine Authentication Bypass

Snort® IPS/IDS

Date	Description
2014-01-10	Symantec Scan Engine authentication bypass attempt RuleID : 16056 - Type : SERVER-WEBAPP - Revision : 8

Nessus® Vulnerability Scanner

id	Description
2006-04-24	Name: It is possible to take control of the remote scan engine. File: symantec_scan_engine_multiple.nasl - Type: ACT_GATHER_INFO

Copyright Security-Database 2006-2025 - Powered by themself ;) in 0.0180s

Facebook rss twitter linkedin mail