Page 5 of 27 results (0.021 seconds)

CVSS: 7.5EPSS: 44%CPEs: 2EXPL: 2

SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. Vulnerabilidad de inyección SQL en axengine.exe en Symantec Altiris Deployment Solution 6.8.x y 6.9.x en versiones anteriores a 6.9.176 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de campos de cadena no especificado en un paquete de notificación. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitation while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. • https://www.exploit-db.com/exploits/29552 http://marc.info/?l=bugtraq&m=122167472229965&w=2 http://osvdb.org/show/osvdb/45313 http://secunia.com/advisories/30261 http://www.exploit-db.com/exploits/29552 http://www.securityfocus.com/archive/1/492127/100/0/threaded http://www.securityfocus.com/archive/1/492229/100/0/threaded http://www.securityfocus.com/bid/29198 http://www.securitytracker.com/id?1020024 http://www.symantec.com/avcenter/security/Content/2008.05.14a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. axengine.exe en Symantec Altiris Deployment Solution 6.8.x y 6.9.x en versiones anteriores a 6.9.176 genera credenciales con un sal fijado o sin sal, lo que hace que sea más fácil para atacantes remotos adivinar las credenciales de dominio cifradas. This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. • http://marc.info/?l=bugtraq&m=122167472229965&w=2 http://secunia.com/advisories/30261 http://www.insomniasec.com/advisories/ISVA-080516.2.htm http://www.securityfocus.com/archive/1/492128/100/0/threaded http://www.securityfocus.com/archive/1/492228/100/0/threaded http://www.securityfocus.com/bid/29199 http://www.securitytracker.com/id?1020024 http://www.symantec.com/avcenter/security/Content/2008.05.14a.html http://www.vupen.com/english/advisories/2008/1542/references http • CWE-255: Credentials Management Errors •

CVSS: 1.7EPSS: 0%CPEs: 3EXPL: 0

Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. Symantec Altiris Deployment Solution anterior a 6.9.164 almacena en memoria las contraseñas de Deployment Solution Agent (aka AClient) en texto claro, el cual permite a los usuarios locales obtener información sensible volcando el proceso de memoria AClient.exe. • http://secunia.com/advisories/29771 http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html http://www.osvdb.org/44388 http://www.securityfocus.com/bid/28707 http://www.securitytracker.com/id?1019825 http://www.vupen.com/english/advisories/2008/1197/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41771 • CWE-310: Cryptographic Issues •

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0

The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. El Altiris Client Service (AClient.exe) en Symantec Altiris Deployment Solution versiones 6.8.x anteriores a 6.9.164, permite a los usuarios locales alcanzar privilegios mediante un ataque estilo "Shatter". • http://secunia.com/advisories/29319 http://securityresponse.symantec.com/avcenter/security/Content/2008.03.10.html http://www.securityfocus.com/bid/28110 http://www.securitytracker.com/id?1019569 http://www.vupen.com/english/advisories/2008/0843/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41100 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. Aclient en Symantec Altiris Deployment Solution 6.x anterior a 6.8.380.0 permite a usuarios locales ganar privilegios de sistemas locales a través de la opción del navegador "servidor de despliegue con la autenticación basada en llave habilitados", un asundo diferente que CVE-2007-4380. • http://secunia.com/advisories/27412 http://www.irmplc.com/index.php/111-Vendor-Alerts http://www.irmplc.com/index.php/152-Advisory-022 http://www.securityfocus.com/bid/26265 http://www.securitytracker.com/id?1018876 http://www.symantec.com/avcenter/security/Content/2007.10.31a.html http://www.vupen.com/english/advisories/2007/3673 https://exchange.xforce.ibmcloud.com/vulnerabilities/38180 • CWE-16: Configuration •