CVE-2007-3874
https://notcve.org/view.php?id=CVE-2007-3874
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el demonio tftp/mftp en el componente del servidor PXE (pxemtftp.exe) en Symantec Altiris Deployment Solution 6.x anterior a 6.8.380.0 permite a atacantes remotos leer archivos de su elección a través de vectores no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=619 http://secunia.com/advisories/27412 http://www.securityfocus.com/bid/26266 http://www.securitytracker.com/id?1018875 http://www.symantec.com/avcenter/security/Content/2007.10.31.html http://www.vupen.com/english/advisories/2007/3673 https://exchange.xforce.ibmcloud.com/vulnerabilities/38178 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-1590 – Altiris Deployment Solution 5.6 - Client Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-1590
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070. • https://www.exploit-db.com/exploits/24754 http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html http://secunia.com/advisories/15159 http://www.osvdb.org/15897 •