CVE-2008-0640
https://notcve.org/view.php?id=CVE-2008-0640
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

http://secunia.com/advisories/28853
http://www.securityfocus.com/bid/27644
http://www.securitytracker.com/id?1019356
http://www.symantec.com/avcenter/security/Content/2008.02.07.html
http://www.vupen.com/english/advisories/2008/0474

CWE-287: Improper Authentication

CVE-2008-0457 – Symantec Backup Exec Remote File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2008-0457
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Backup Exec System Recovery Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the FileUpload class running on the Symantec LiveState Apache Tomcat server. The server is found on TCP ports 8080 and 8443.

https://www.exploit-db.com/exploits/5078
https://www.exploit-db.com/exploits/31072
http://secunia.com/advisories/28787
http://seer.entsupport.symantec.com/docs/297171.htm
http://www.securityfocus.com/archive/1/487688/100/0/threaded
http://www.securityfocus.com/bid/27487
http://www.securitytracker.com/id?1019303
http://www.symantec.com/avcenter/security/Content/2008.02.04.html
http://www.vupen.com/english/advisories/2008/0413
http://www.zerodayinitiative.com/advisories/ZDI-

CWE-20: Improper Input Validation

CVE-2007-4346
https://notcve.org/view.php?id=CVE-2007-4346
The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.

http://secunia.com/advisories/26975
http://secunia.com/secunia_research/2007-74/advisory
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html
http://securitytracker.com/id?1019001
http://www.securityfocus.com/archive/1/484318/100/0/threaded
http://www.securityfocus.com/archive/1/484333/100/0/threaded
http://www.securityfocus.com/bid/26028
http://www.vupen.com/english/advisories/2007/4019
https://exchange.xforce.ibmcloud.com/vulnerabilities/38676

CWE-399: Resource Management Errors

CVE-2007-4347
https://notcve.org/view.php?id=CVE-2007-4347
Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.

http://secunia.com/advisories/26975
http://secunia.com/secunia_research/2007-74/advisory
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html
http://www.securityfocus.com/archive/1/484318/100/0/threaded
http://www.securityfocus.com/archive/1/484333/100/0/threaded
http://www.securityfocus.com/bid/26029
http://www.securitytracker.com/id?1019001
http://www.vupen.com/english/advisories/2007/4019
https://exchange.xforce.ibmcloud.com/vulnerabilities/38677

CWE-189: Numeric Errors

CVE-2007-5910
https://notcve.org/view.php?id=CVE-2007-5910
Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file.

http://secunia.com/advisories/27304
http://securityreason.com/securityalert/3357
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html
http://securitytracker.com/id?1018853
http://securitytracker.com/id?1018886
http://vuln.sg/lotusnotes702-en.html
http://vuln.sg/lotusnotes702wpd-en.html
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111
http://www.securityfocus.com/archive/1/482664
http://www.securityfocus.com/bid/26175
http://www.vupen.com

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer