| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability. |
| Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. |
| Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges. |
| Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. |
| SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. |
| The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. |
| Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. |
| The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. |
| Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled. |
| Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. |
| Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set. |
| I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. |
| Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system. |
| In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. |
| Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. |
| pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap. |
| The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts. |
| PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. |
| Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. |
