
CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.

• http://www.securityfocus.com/bid/47822
• https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20111109_00
• CWE-20: Improper Input Validation

CVSS: 4.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

• http://www.securityfocus.com/bid/54594
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_01

CVSS: 5.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors.

• http://secunia.com/advisories/30432
• http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html
• http://www.securityfocus.com/bid/29350
• http://www.securitytracker.com/id?1020128
• http://www.vupen.com/english/advisories/2008/1686/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42714
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 11% | CPEs: 2 | EXPL: 3

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Backup Exec System Recovery Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the FileUpload class running on the Symantec LiveState Apache Tomcat server. The server is found on TCP ports 8080 and 8443.

• https://www.exploit-db.com/exploits/5078
• https://www.exploit-db.com/exploits/31072
• http://secunia.com/advisories/28787
• http://seer.entsupport.symantec.com/docs/297171.htm
• http://www.securityfocus.com/archive/1/487688/100/0/threaded
• http://www.securityfocus.com/bid/27487
• http://www.securitytracker.com/id?1019303
• http://www.symantec.com/avcenter/security/Content/2008.02.04.html
• http://www.vupen.com/english/advisories/2008/0413
• http://www.zerodayinitiative.com/advisories/ZDI-
• CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 1% | CPEs: 2 | EXPL: 0

The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.

• http://secunia.com/advisories/26975
• http://secunia.com/secunia_research/2007-74/advisory
• http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html
• http://securitytracker.com/id?1019001
• http://www.securityfocus.com/archive/1/484318/100/0/threaded
• http://www.securityfocus.com/archive/1/484333/100/0/threaded
• http://www.securityfocus.com/bid/26028
• http://www.vupen.com/english/advisories/2007/4019
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38676
• CWE-399: Resource Management Errors