CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3874 – iDEFENSE Security Advisory 2007-10-31.2
https://notcve.org/view.php?id=CVE-2007-3874
31 Oct 2007 — Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el demonio tftp/mftp en el componente del servidor PXE (pxemtftp.exe) en Symantec Altiris Deployment Solution 6.x anterior a 6.8.380.0 permite a atacantes remotos leer archivos de su elección a través de vectores no especificados. Remot... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=619 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2005-1590 – Altiris Deployment Solution 5.6 - Client Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-1590
16 May 2005 — The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070. • https://www.exploit-db.com/exploits/24754 •