CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3030
https://notcve.org/view.php?id=CVE-2009-3030
Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue." Vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en Symantec SecurityExpressions Audit y Compliance Server v4.1.1, v4.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que desencadenan un mensaje de error en una respuesta, relacionada con una "incidencia de inyección HTML". • http://secunia.com/advisories/36972 http://securitytracker.com/id?1022989 http://www.osvdb.org/58650 http://www.securityfocus.com/bid/36571 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00 http://www.vupen.com/english/advisories/2009/2849 https://exchange.xforce.ibmcloud.com/vulnerabilities/53669 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3029
https://notcve.org/view.php?id=CVE-2009-3029
Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages. Ejecución de comandos en sitios cruzados (XSS) en la consola de Symantec SecurityExpressions Audit y Compliance Server v4.1.1, v4.1 y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de la "entrada de clientes externos" lo cual provoca mensajes de error manipulados. • http://secunia.com/advisories/36972 http://securitytracker.com/id?1022989 http://www.osvdb.org/58651 http://www.securityfocus.com/bid/36570 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00 http://www.vupen.com/english/advisories/2009/2849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2009-3179
https://notcve.org/view.php?id=CVE-2009-3179
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en Symantec Altiris Deployment Solution v6.9, podrían permitir a atacantes remotos ejecutar código de su elección a través de vectores de ataque del lado del cliente, como se demostró por un módulo concreto en VulnDisco Pack Professional v7.17, como se identificó por (1) exploit "Symantec Altiris Deployment Solution v6.9, (2) exploit "Symantec Altiris Deployment Solution v6.9 (II)," y (3) exploit "Symantec Altiris Deployment Solution v6.9 (III)." NOTA, como en 20090909, de esta información no se tiene información de la acción. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36587 http://www.securityfocus.com/bid/36247 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3178
https://notcve.org/view.php?id=CVE-2009-3178
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no específica en mm.exe en Symantec Altiris Deployment Solution v6.9, permite a atacantes remotos provocar una denegación de servicio a través de vectores de ataque desconocidos, como se demostró por un módulo concreto en VulnDisco Pack Professional v7.18, " Symantec Altiris Deployment Solution 6.9 DoS". NOTA, como en 20090909, de esta información no se tiene información de la acción. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36587 http://www.securityfocus.com/bid/36247 •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-3110
https://notcve.org/view.php?id=CVE-2009-3110
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. Condición de carrera en la funcionalidad de transferencia de ficheros en Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430, permite a atacantes remotos leer archivos sensibles y prevenir las actualizaciones de los clientes mediante la conexión a un puerto de transferencia antes de que lo haga el autentico cliente. • http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36113 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •