2 results (0.007 seconds)

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en Symantec Backup Exec System Recovery Manager versiones 7.x anteriores a 7.0.4 y versiones 8.x anteriores a 8.0.2, permite a los atacantes remotos leer archivos arbitrarios por medio de vectores no especificados. • http://secunia.com/advisories/30432 http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html http://www.securityfocus.com/bid/29350 http://www.securitytracker.com/id?1020128 http://www.vupen.com/english/advisories/2008/1686/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42714 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 11%CPEs: 2EXPL: 3

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. Una vulnerabilidad de carga de archivos sin restricciones en la clase FileUpload que se ejecuta en el servidor Symantec LiveState Apache Tomcat, tal y como es usado por Symantec Backup Exec System Recovery Manager versiones 7.0 y 7.0.1, permite a los atacantes remotos cargar y ejecutar archivos JSP arbitrarios por medio de vectores de ataque desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Backup Exec System Recovery Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the FileUpload class running on the Symantec LiveState Apache Tomcat server. The server is found on TCP ports 8080 and 8443. • https://www.exploit-db.com/exploits/5078 https://www.exploit-db.com/exploits/31072 http://secunia.com/advisories/28787 http://seer.entsupport.symantec.com/docs/297171.htm http://www.securityfocus.com/archive/1/487688/100/0/threaded http://www.securityfocus.com/bid/27487 http://www.securitytracker.com/id?1019303 http://www.symantec.com/avcenter/security/Content/2008.02.04.html http://www.vupen.com/english/advisories/2008/0413 http://www.zerodayinitiative.com/advisories/ZDI- • CWE-20: Improper Input Validation •