Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.

Datto ALTO and SIRIS devices have a default VNC password.

Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.

DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.

The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.

Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.