CVSS: 10.0EPSS: 87%CPEs: 88EXPL: 0CVE-2009-3027 – Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3027
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300. El archivo VRTSweb.exe en VRTSweb en Backup Exec Continuous Protection Server de Symantec (CPS) versiones 11d, 12.0 y 12.5; Veritas NetBackup Operations Manager (NOM) versiones 6.0 GA hasta 6.5.5; Veritas Backup Reporter (VBR) versiones 6.0 GA hasta 6.6; Veritas Storage Foundation (SF) versión 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) versiones 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1 y 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) versión 3.5; Veritas Storage Foundation for Oracle (SFO) versiones 4.1, 5.0 y 5.0.1; Veritas Storage Foundation for DB2 versiones 4.1 y 5.0; Veritas Storage Foundation for Sybase versiones 4.1 y 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Manager (SFM) versiones 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win y 2.0; Veritas Cluster Server (VCS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Cluster Server One (VCSOne) versiones 2.0, 2.0.1 y 2.0.2; Veritas Application Director (VAD) versiones 1.1 y 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) versiones 5.1, 5.5 y 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) versión 5.0; Veritas Command Central Storage (CCS) versiones 4.x, 5.0 y 5.1; Veritas Command Central Enterprise Reporter (CC-ER) versiones 5.0 GA, 5.0 MP1, 5.0 MP1RP1 y 5.1; Veritas Command Central Storage Change Manager (CC-SCM) versiones 5.0 y 5.1; y Veritas MicroMeasure versión 5.0, no comprueba apropiadamente las peticiones de autenticación, que permite a los atacantes remotos desencadenar el desempaquetado de un archivo WAR y ejecutar código arbitrario en los archivos contenidos, por medio de datos diseñados al puerto TCP 14300. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VRTSweb.exe Web Server component which listens by default on TCP ports 8181, 8443, and 14300. The process fails to properly validate an authentication request made to port 14300. • http://marc.info/?l=bugtraq&m=126046186917330&w=2 http://secunia.com/advisories/37631 http://secunia.com/advisories/37637 http://secunia.com/advisories/37685 http://securitytracker.com/id?1023309 http://securitytracker.com/id?1023312 http://seer.entsupport.symantec.com/docs/336988.htm http://seer.entsupport.symantec.com/docs/337279.htm http://seer.entsupport.symantec.com/docs/337293.htm http://seer.entsupport.symantec.com/docs/337392.htm http://seer.entsupport.symantec.com/docs&# • CWE-287: Improper Authentication •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5407
https://notcve.org/view.php?id=CVE-2008-5407
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. Múltiples vulnerabilidades sin especificar en el proceso de logon en Backup Exec remote-agent Symantec de Backup Exec para Servidores Windows v11.0 (también conocido como 11d) builds 6235 y 7170, v12.0 build 1364, y v12.5 build 2213, permite a atacantes remotos evitar la autenticación y leer o eliminar archivos a través de vectores desconocidos. • http://secunia.com/advisories/32810 http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html http://seer.entsupport.symantec.com/docs/314528.htm http://www.securityfocus.com/bid/32347 http://www.securitytracker.com/id?1021246 http://www.vupen.com/english/advisories/2008/3209 https://exchange.xforce.ibmcloud.com/vulnerabilities/46730 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0CVE-2008-5408
https://notcve.org/view.php?id=CVE-2008-5408
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407. Desbordamiento de búfer en el protocolo de administración de datos en Symantec Backup Exec para Windows Servers 11.0 (alias 11d) builds 6235 y 7170, 12.0 build 1364, y 12.5 build 2213 permiten a los usuarios autenticados remotamente causar una denegación de servicios (caída de la aplicación) y posiblemente ejecutar arbitrariamente código a través de vectores desconocidos. NOTA: esto puede ser explotado por un atacante remoto no autentificado por la utilización de CVE-2008-5407. • http://secunia.com/advisories/32810 http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html http://seer.entsupport.symantec.com/docs/314528.htm http://www.securityfocus.com/bid/32346 http://www.securitytracker.com/id?1021246 http://www.vupen.com/english/advisories/2008/3209 https://exchange.xforce.ibmcloud.com/vulnerabilities/46731 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 78%CPEs: 3EXPL: 0CVE-2007-6017
https://notcve.org/view.php?id=CVE-2007-6017
The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. El Control ActiveX de PVATLCalendar.PVCalendar.1 en el archivo pvcalendar.ocx en el componente scheduler en el servidor multimedia de Symantec Backup Exec para Windows Server (BEWS) 11d versiones 11.0.6235 y 11.0.7170 y 12.0 12.0.1364, expone el método Save no seguro, que permite a atacantes remotos causar una denegación de servicio (bloqueo del navegador), o crear o sobrescribir archivos arbitrarios, por medio de valores de cadena de las propiedades (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, y (19) _MonthText11. NOTA: el proveedor indica "Authenticated user involvement required", pero no es necesaria la autenticación para atacar un equipo cliente que carga este control. • http://secunia.com/advisories/27885 http://secunia.com/secunia_research/2007-101 http://securitytracker.com/id?1019525 http://seer.entsupport.symantec.com/docs/300471.htm http://seer.support.veritas.com/docs/308669.htm http://support.veritas.com/docs/300471 http://www.securityfocus.com/bid/28008 http://www.symantec.com/avcenter/security/Content/2008.02.28.html http://www.symantec.com/avcenter/security/Content/2008.02.29.html http://www.vupen.com/english/advisories/2008/0718& • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 96%CPEs: 3EXPL: 2CVE-2007-6016 – Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6016
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. Múltiples desbordamientos de búfer en el control ActiveX PVATLCalendar.PVCalendar.1 en el archivo pvcalendar.ocx en el componente scheduler en el Servidor Multimedia en Symantec Backup Exec for Windows Server (BEWS) versiones 11d 11.0.6235 y 11.0.7170, y versiones 12.0 12.0.1364, permite a atacantes remotos ejecutar código arbitrario por medio de un valor de propiedad largo (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _TextoMes3, (12) _TextoMes4, (13) _TextoMes5, (14) _TextoMes6, (15) _TextoMes7, (16) _TextoMes8, (17) _TextoMes9, (18) _TextoMes10, o (19) _TextoMes11, cuando se ejecuta el método Save. NOTA: el proveedor declara "Authenticated user involvement required," pero la autenticación no es necesaria para atacar una máquina cliente que carga este control. • https://www.exploit-db.com/exploits/5205 https://www.exploit-db.com/exploits/16582 http://secunia.com/advisories/27885 http://secunia.com/secunia_research/2007-101/advisory http://securitytracker.com/id?1019524 http://seer.support.veritas.com/docs/308669.htm http://www.securityfocus.com/bid/26904 http://www.symantec.com/avcenter/security/Content/2008.02.28.html http://www.symantec.com/avcenter/security/Content/2008.02.29.html http://www.vupen.com/english/advisories/2008/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •