Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-9225.
AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP), including unauthenticated SQL injection, reflected XSS, information disclosure, and multiple policy bypasses. It includes technical details, affected scripts, and proof-of-concept code for the SQL injection vulnerability.
Description
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
Exploits (1)
This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP), including unauthenticated SQL injection, reflected XSS, information disclosure, and multiple policy bypasses. It includes technical details, affected scripts, and proof-of-concept code for the SQL injection vulnerability.