CVE-2008-4638
https://notcve.org/view.php?id=CVE-2008-4638
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.
• http://seer.entsupport.symantec.com/docs/310872.htm
http://www.security-objectives.com/advisories/SECOBJSADV-2008-05.txt
http://www.securityfocus.com/archive/1/497675/100/0/threaded
http://www.securityfocus.com/bid/31679
http://www.symantec.com/avcenter/security/Content/2008.10.20.html
http://www.vupen.com/english/advisories/2008/2875
https://exchange.xforce.ibmcloud.com/vulnerabilities/46009
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4339
https://notcve.org/view.php?id=CVE-2008-4339
Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries."
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-239908-1
http://www.securityfocus.com/bid/31221
http://www.securitytracker.com/id?1020928
http://www.symantec.com/avcenter/security/Content/2008.09.24a.html
http://www.vupen.com/english/advisories/2008/2672
https://exchange.xforce.ibmcloud.com/vulnerabilities/45386
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-3703 – Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation.
• http://secunia.com/advisories/31486
http://securityreason.com/securityalert/4161
http://securitytracker.com/id?1020699
http://seer.entsupport.symantec.com/docs/306386.htm
http://www.securityfocus.com/archive/1/495481
http://www.securityfocus.com/archive/1/495487/100/0/threaded
http://www.securityfocus.com/bid/30596
http://www.symantec.com/avcenter/security/Content/2008.08.14a.html
http://www.vupen.com/english/advisories/2008/2395
http://www.zerodayinitiative.com/advisories/ZDI-08-
• CWE-287: Improper Authentication
CVE-2008-2794
https://notcve.org/view.php?id=CVE-2008-2794
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors.
• http://secunia.com/advisories/30741
http://securityresponse.symantec.com/avcenter/security/Content/2008.06.17.html
http://www.securityfocus.com/bid/29708
http://www.securitytracker.com/id?1020304
http://www.vupen.com/english/advisories/2008/1861/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43154
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-2512
https://notcve.org/view.php?id=CVE-2008-2512
Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors.
• http://secunia.com/advisories/30432
http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html
http://www.securityfocus.com/bid/29350
http://www.securitytracker.com/id?1020128
http://www.vupen.com/english/advisories/2008/1686/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42714
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')