CVSS: 7.5EPSS: 5%CPEs: 23EXPL: 3CVE-2012-0292 – pcAnywhere 12.5.0 build 463 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0292
08 Mar 2012 — The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631. El servicio awhost32 en Symantec pcAnywhere hasta v12.5.3, Altiris IT Managemen... • https://www.exploit-db.com/exploits/18493 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-0291
https://notcve.org/view.php?id=CVE-2012-0291
22 Feb 2012 — Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response. Symantec pcAnywhere hasta la v1... • http://secunia.com/advisories/48092 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2012-0290
https://notcve.org/view.php?id=CVE-2012-0290
06 Feb 2012 — Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session." Symantec pcAnywhere ha... • http://secunia.com/advisories/48092 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2011-3479 – Symantec pcAnywhere - Insecure File Permissions Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-3479
25 Jan 2012 — Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file. Symantec pcAnywhere v12.5.x a través de c12.5.3, y IT Management Suite pcAnywhere solución c7.0 (aka 12.5.x) y c7.1 (también conocido como 12.6.x), utiliza el mundo pueda escribir permisos para los archivos de instalación del producto, que permite a usuario... • https://www.exploit-db.com/exploits/18823 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 87%CPEs: 8EXPL: 2CVE-2011-3478 – Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3478
25 Jan 2012 — The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631. El componente de host de servicios de Symantec pcAnywhere v12.5.x a través de v12.5.3, y IT Management Suite pcAnywhere Solution v7.0 (aka 12.5.x) y v7.1 (también conocido como 12.6.x), de inicio de sesi... • https://www.exploit-db.com/exploits/19407 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2009-0538
https://notcve.org/view.php?id=CVE-2009-0538
18 Mar 2009 — Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). Una vulnerabilidad de formato de cadena en Symantec pcAnywhere antes de 12.5 SP1 permite a atacantes remotos leer y modificar localizaciones de memoria de su elección y producir una denegación de ser... • http://osvdb.org/52797 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3785
https://notcve.org/view.php?id=CVE-2006-3785
21 Jul 2006 — Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. Symantec pcAnywhere 12.5 ofusca la contraseña en un cuadro de texto del GUI con asteriscos, pero no la encripta en el fichero .cif asociado (también conocido como caller o CallerID), lo que permite a usuarios locales obtener la contraseña de la ve... • http://securityreason.com/securityalert/1261 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3786
https://notcve.org/view.php?id=CVE-2006-3786
21 Jul 2006 — Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag. Symantec pcAnywhere 12.5 utiliza protección de integridad débil para los ficheros .cif (también conocido como caller o CallerID), lo cual permite a usuarios locales generar un fichero .cif personalizado y modificar la bandera de super-usuario. • http://securityreason.com/securityalert/1261 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3784
https://notcve.org/view.php?id=CVE-2006-3784
21 Jul 2006 — Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator. Symantec pcAnywhere 12.5 utiliza unos permisos por defecto débiles para la carpeta "Symantec\pcAnywhere\Hosts", lo cual permite a un usuario local ganar privilegios a través de la insercción de un superusuario archivo .cif... • http://secunia.com/advisories/21113 •