Page 69 of 598 results (0.010 seconds)

CVSS: 9.3EPSS: 90%CPEs: 1EXPL: 3

CVE-2009-2570 – Symantec Fax Viewer Control 10 - 'DCCFAXVW.dll' Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2009-2570

Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method. Desbordamiento de búfer basado en pila en Symantec.FaxViewerControl.1 ActiveX control en WinFax\DCCFAXVW.DLL en Symantec WinFax Pro v10.03, permite a atacantes remotos ejecutar código de su elección mediante una argumento largo en el método AppendFax. • https://www.exploit-db.com/exploits/8562 http://osvdb.org/54137 http://retrogod.altervista.org/9sg_symantec_win_fuck_pro.html http://secunia.com/advisories/34925 http://www.securityfocus.com/archive/1/503074/100/0/threaded http://www.securityfocus.com/archive/1/503086/100/0/threaded http://www.securityfocus.com/archive/1/503163/100/0/threaded http://www.securityfocus.com/bid/34766 http://www.securitytracker.com/id?1022147 http://www.vupen.com/english/advisories/2009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2008-6827

https://notcve.org/view.php?id=CVE-2008-6827

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. El control "ListView" (vista de lista) del cliente de interfaz gráfico (AClient.exe) en Altiris Deployment Solution v6.x anterior a 6.9.355 SP1 de Symantec permite a usuarios locales obtener privilegios de SYSTEM y ejecutar comandos de su elección a través un tipo de ataque "Shatter" en el botón oculto del interfaz gráfico "command prompt" para (1) sobreescribir el parámetro CommandLine a cmd.exe para usar privilegios de SYSTEM y (2) modificar la DLL que es cargada usando la función de la API LoadLibrary. • https://github.com/alt3kx/CVE-2008-6827 http://marc.info/?l=bugtraq&m=122460544316205&w=2 http://osvdb.org/49426 http://secunia.com/advisories/31773 http://www.insomniasec.com/advisories/ISVA-081020.1.htm http://www.securityfocus.com/bid/31766 http://www.securitytracker.com/id?1021071 http://www.symantec.com/avcenter/security/Content/2008.10.20a.html http://www.vupen.com/english/advisories/2008/2876 https://exchange.xforce.ibmcloud.com/vulnerabilities/46006 • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-6828

https://notcve.org/view.php?id=CVE-2008-6828

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. Altiris Deployment Solution v6.x anterior a 6.9.355 SP1 de Symantec almacena la contraseña de "Application Identity Account" (cuenta de identidad de aplicación) en texto claro, lo que permite a usuarios locales obtener privilegios y modificar clientes de "Deployment Solution Server". • http://secunia.com/advisories/31773 http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html http://www.securityfocus.com/bid/31767 http://www.securitytracker.com/id?1021072 http://www.vupen.com/english/advisories/2008/2876 https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 3

CVE-2009-1517 – Norton Ghost Support module for EasySetup wizard - Remote Denial of Service (PoC)

https://notcve.org/view.php?id=CVE-2009-1517

Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. Múltiples vulnerabilidades de método inseguro en el control ActiveX Symantec.EasySetup.1 en EasySetupInt.dll v14.0.4.30167 en el asistente EasySetup en Symantec Norton Ghost v14.0 permite a atacantes remotos provocar una denegación de servicio (caída del navegador) y posiblemente ejecución de código de su elección a través de una entrada no específica en los métodos (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, y (6) CallTour. • https://www.exploit-db.com/exploits/8523 http://www.securityfocus.com/bid/34696 http://www.securitytracker.com/id?1022120 http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html https://exchange.xforce.ibmcloud.com/vulnerabilities/50098 •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

CVE-2009-1432

https://notcve.org/view.php?id=CVE-2009-1432

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled. Symantec Reporting Server, utilizado en Symantec AntiVirus (SAV) Corporate Edition v10.1 anterior a v10.1 MR8 y v10,2 antes de v10.2 MR2, Symantec Client Security (SCS), antes de v3.1 MR8, y el componente Symantec Endpoint Protection Manager (SEPM) en Symantec Endpoint Protection (SEP) anterior a v11.0 MR2, permite a atacantes remotos inyectar texto arbitrario en la pantalla de inicio de sesión y, posiblemente, realizar ataques de phishing, a través de vectores relacionados con un URL que no está bien manejada. • http://secunia.com/advisories/34856 http://secunia.com/advisories/34935 http://securitytracker.com/id?1022136 http://securitytracker.com/id?1022137 http://securitytracker.com/id?1022138 http://www.securityfocus.com/bid/34668 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00 http://www.vupen.com/english/advisories/2009/1202 http://www.vupen.com/english/advisories/2009/1204 https://exchange.xforce.ibmcloud&# • CWE-20: Improper Input Validation •