CVE-2007-5838
https://notcve.org/view.php?id=CVE-2007-5838
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
• http://secunia.com/advisories/27412
• http://www.irmplc.com/index.php/111-Vendor-Alerts
• http://www.irmplc.com/index.php/152-Advisory-022
• http://www.securityfocus.com/bid/26265
• http://www.securitytracker.com/id?1018876
• http://www.symantec.com/avcenter/security/Content/2007.10.31a.html
• http://www.vupen.com/english/advisories/2007/3673
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38180
• CWE-16: Configuration
CVE-2007-5829
https://notcve.org/view.php?id=CVE-2007-5829
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
• http://osvdb.org/40864
• http://secunia.com/advisories/27488
• http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html
• http://securitytracker.com/id?1018889
• http://securitytracker.com/id?1018890
• http://www.securityfocus.com/bid/26253
• http://www.vupen.com/english/advisories/2007/3698
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38229
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-5796 – Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-5796
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
• https://www.exploit-db.com/exploits/30729
• http://secunia.com/advisories/27452
• http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability
• http://www.securitytracker.com/id?1018888
• http://www.vupen.com/english/advisories/2007/3678
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38213
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5909 – Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-5909
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes.
• http://secunia.com/advisories/27304
• http://securityreason.com/securityalert/3357
• http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html
• http://securitytracker.com/id?1018853
• http://securitytracker.com/id?1018886
• http://vuln.sg/lotusnotes702-en.html
• http://vuln.sg/lotusnotes702doc-en.html
• http://vuln.sg/lotusnotes702mif-en.html
• http://vuln.sg/lotusnotes702sam-en.html
• http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111
• http://www-1.ibm.com/suppor
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5555
https://notcve.org/view.php?id=CVE-2007-5555
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
• http://www.irmplc.com/index.php/111-Vendor-Alerts
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor