CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3874
https://notcve.org/view.php?id=CVE-2007-3874
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el demonio tftp/mftp en el componente del servidor PXE (pxemtftp.exe) en Symantec Altiris Deployment Solution 6.x anterior a 6.8.380.0 permite a atacantes remotos leer archivos de su elección a través de vectores no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=619 http://secunia.com/advisories/27412 http://www.securityfocus.com/bid/26266 http://www.securitytracker.com/id?1018875 http://www.symantec.com/avcenter/security/Content/2007.10.31.html http://www.vupen.com/english/advisories/2007/3673 https://exchange.xforce.ibmcloud.com/vulnerabilities/38178 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 3CVE-2005-1590 – Altiris Deployment Solution 5.6 - Client Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-1590
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070. • https://www.exploit-db.com/exploits/24754 http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html http://secunia.com/advisories/15159 http://www.osvdb.org/15897 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2070
https://notcve.org/view.php?id=CVE-2004-2070
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590. • http://www.securityfocus.com/archive/1/381649 •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2004-2622
https://notcve.org/view.php?id=CVE-2004-2622
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. • http://archives.neohapsis.com/archives/bugtraq/2004-10/0211.html http://archives.neohapsis.com/archives/bugtraq/2004-10/0266.html http://packetstorm.linuxsecurity.com/0410-advisories/index2.html http://secunia.com/advisories/12944 http://securitytracker.com/id?1011862 http://www.altiris.com/support/forum/Framesearch.aspx?vpath=/aexkb/public%20articles/6.x/deployment%20solution/kb/ds%20client%20security%20kb%20article%2010-22-04.doc&art=AKB6859&source=Altiris%20Helpdesk&artID=23644&refpara=532392&key=akb6859 h •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1624
https://notcve.org/view.php?id=CVE-2004-1624
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe). • http://marc.info/?l=bugtraq&m=109846296406459&w=2 http://secunia.com/advisories/12962 http://www.securityfocus.com/bid/11500 https://exchange.xforce.ibmcloud.com/vulnerabilities/17838 •