CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Norton_core_firmware, Norton_core, Advanced_secure_gateway, Advanced_threat_protection, Altiris_client_management_suite_pcanywhere_solution, Altiris_climentent_manage_suite_pcanywhere_solution, Altiris_deployment_solution, Altiris_deployment_solution_remote_pcanywhere_solution, Altiris_it_management_suite, Altiris_it_management_suite_pcanywhere_solution
2017-08-17
N/A
N/A
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.
win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.