Lucene search
Brett Moore of Insomnia Security www.insomniasec.comZDI-08-024HistoryMay 15, 2008 - 12:00 a.m.
Symantec Altiris Deployment Solution SQL Injection Vulnerability
2008-05-1500:00:00
Brett Moore of Insomnia Security www.insomniasec.com
www.zerodayinitiative.com
13
0.362 Low
EPSS
Percentile
97.2%
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitation while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user.
Related
prion
prion
Sql injection
2008-05-18 14:20:00
nvd
nvd
CVE-2008-2286
2008-05-18 14:20:00
cve
cve
CVE-2008-2286
2008-05-18 14:20:00
zdt
zdt
Symantec Altiris DS SQL Injection Exploit
2013-11-13 00:00:00
saint
saint
Symantec Altiris DS SQL injection
2013-11-18 00:00:00
Symantec Altiris DS SQL injection
2013-11-18 00:00:00
Symantec Altiris DS SQL injection
2013-11-18 00:00:00
cvelist
cvelist
CVE-2008-2286
2008-05-18 14:00:00
packetstorm
packetstorm
Symantec Altiris DS SQL Injection
2013-11-09 00:00:00
nessus
nessus
Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities
2008-05-15 00:00:00