167 matches found
Design/Logic Flaw
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors...
CVE-2008-2286
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet...
CVE-2008-2290
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors...
CVE-2008-2287
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse...
Command injection
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials...
CVE-2008-2289
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors...
Design/Logic Flaw
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors...
CVE-2008-2291
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials...
Design/Logic Flaw
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse...
CVE-2008-2291
Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176 are affected by CVE-2008-2291 due to an insecure credential mechanism in axengine.exe. The service, listening on TCP port 402, generates domain credentials with a fixed salt or no salt at all, enabling remote attackers to guess...
CVE-2008-2288
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, enabling local users to cause a denial of service or obtain sensitive information. This CVE (CVE-2008-2288) is documented in NVD and related Nessus e...
CVE-2008-2290
CVE-2008-2290 affects Symantec Altiris Deployment Solution Agent in 6.8.x and 6.9.x prior to 6.9.176. It is described as an unspecified local privilege escalation via the Agent user interface, with a CVSS v2 base score of 7.2 (LOCAL attack vector, HIGH impact). Public references note multiple loc...
CVE-2008-2286
CVE-2008-2286 describes an SQL injection in Symantec Altiris Deployment Solution (DS) via axengine.exe, affecting 6.8.x and 6.9.x before 6.9.176. The vulnerability allows remote execution of arbitrary SQL commands through crafted notification packets (Port 402/tcp), with network access and no aut...
CVE-2008-2289
The CVE-2008-2289 entry concerns Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176. A vulnerability in a tooltip element enables local users to gain privileges via unspecified attack vectors. Connected documents corroborate the issue as part of multiple local vulnerabilities a...
CVE-2008-2288
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information...
CVE-2008-2290
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors...
CVE-2008-2291
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials...
CVE-2008-2287
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse...
CVE-2008-2287
Affected product: Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176. Issue: insufficient protection of the install directory may allow a local user to gain privileges by replacing an application component with a Trojan horse. Documented impact: local privilege escalation with ...
Symantec Altiris Deployment Solution多个安全漏洞
BUGTRAQ ID: 29198,29199,29194,29218,29196,29197 Symantec Altiris Deployment Solution是自动化的操作系统部署解决方案,用于从统一的位置部署和管理服务器、桌面和笔记本等。 Symantec Altiris Deployment Solution中存在多个安全漏洞,可能允许恶意的本地或远程用户获得权限提升、操控某些数据、泄露敏感信息、执行SQL注入攻击或入侵有漏洞的系统。 1 默认监听于TCP...