CVE-2008-5543
https://notcve.org/view.php?id=CVE-2008-5543
Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
• http://securityreason.com/securityalert/4723
• http://www.securityfocus.com/archive/1/498995/100/0/threaded
• http://www.securityfocus.com/archive/1/499043/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47435
• CWE-20: Improper Input Validation
CVE-2008-5427
https://notcve.org/view.php?id=CVE-2008-5427
Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
• http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro
• http://securityreason.com/securityalert/4721
• http://www.securityfocus.com/archive/1/499038/100/0/threaded
• http://www.securityfocus.com/archive/1/499045/100/0/threaded
• CWE-399: Resource Management Errors
CVE-2008-5408
https://notcve.org/view.php?id=CVE-2008-5408
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.
• http://secunia.com/advisories/32810
• http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html
• http://seer.entsupport.symantec.com/docs/314528.htm
• http://www.securityfocus.com/bid/32346
• http://www.securitytracker.com/id?1021246
• http://www.vupen.com/english/advisories/2008/3209
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46731
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5407
https://notcve.org/view.php?id=CVE-2008-5407
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
• http://secunia.com/advisories/32810
• http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html
• http://seer.entsupport.symantec.com/docs/314528.htm
• http://www.securityfocus.com/bid/32347
• http://www.securitytracker.com/id?1021246
• http://www.vupen.com/english/advisories/2008/3209
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46730
• CWE-287: Improper Authentication
CVE-2008-3248
https://notcve.org/view.php?id=CVE-2008-3248
qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.
• http://secunia.com/advisories/32332
• http://seer.entsupport.symantec.com/docs/310872.htm
• http://www.security-objectives.com/advisories/SECOBJADV-2008-04.txt
• http://www.security-objectives.com/advisories/SECOBJSADV-2008-04.txt
• http://www.securityfocus.com/archive/1/497626/100/0/threaded
• http://www.securityfocus.com/bid/31678
• http://www.securitytracker.com/id?1021074
• http://www.symantec.com/avcenter/security/Content/2008.10.20.html
• http://www.vupen.com/english/advisories/2008/2875
• https&
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor