CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2512
https://notcve.org/view.php?id=CVE-2008-2512
02 Jun 2008 — Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en Symantec Backup Exec System Recovery Manager versiones 7.x anteriores a 7.0.4 y versiones 8.x anteriores a 8.0.2, permite a los atacantes remotos leer archivos arbitrarios por medio de vectores no especificados. • http://secunia.com/advisories/30432 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 29%CPEs: 2EXPL: 3CVE-2008-0457 – Symantec Backup Exec Remote File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2008-0457
06 Feb 2008 — Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. Una vulnerabilidad de carga de archivos sin restricciones en la clase FileUpload que se ejecuta en el servidor Symantec LiveState Apache Tomcat, tal y como es usado por Symantec Backup Exec System Recovery Manager versiones 7.0 y 7.0.1... • https://www.exploit-db.com/exploits/5078 • CWE-20: Improper Input Validation •