CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

CVE-2021-27876

CVE-2021-27876 affects Veritas Backup Exec (BE) Remote Agent/BE Agent prior to 21.2. The SHA-authentication vulnerability allows an attacker to bypass authentication, issue data-management commands on an authenticated channel, and access arbitrary files on the BE Agent system with SYSTEM/root pri...

PT-2021-7748

Name of the Vulnerable Software and Affected Versions Veritas Backup Exec versions prior to 21.2 Description An issue exists in Veritas Backup Exec related to flaws in the SHA authentication scheme. This can allow an attacker to gain unauthorized access and complete the authentication process...

CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

PT-2021-7747

Name of the Vulnerable Software and Affected Versions Veritas Backup Exec versions prior to 21.2 Description The software exhibits an improper authentication issue related to the SHA cryptographic algorithm. The authentication scheme is no longer used in current versions of the product but had no...

Veritas Backup Exec 安全漏洞

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn’t yet been disabled. An attacker could remotely exploit this schem...

Veritas Backup Exec 安全漏洞

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

Veritas Backup Exec 安全漏洞

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

PT-2021-7746

Name of the Vulnerable Software and Affected Versions Veritas Backup Exec versions prior to 21.2 Description A flaw exists in Veritas Backup Exec related to weaknesses in the authentication process when using the SHA cryptographic algorithm. This allows a remote attacker to gain unauthorized acce...

CVE-2019-25022

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime.exec without validation...

Command Injection

theme-core is vulnerable to command injection. An attacker may inject malicious command via the lib/utils.js. The vulnerability exists due to the insecure usage of the exec function with unsanitized values...

Arbitrary Command Injection

Overview onion-oled-js is a JS library that exposes a collection of functions that wrap the oled-exp executable that controls the onion omega OLED display. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the scroll...

Arbitrary Command Injection

Overview portkiller is a port killer. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

Arbitrary Command Injection

Overview killport is an a nodejs module to kill any processes base on its port Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

Arbitrary Command Injection

Overview kill-process-by-name is a Kills all processes by a certain program Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

Arbitrary Command Injection

Overview killing is a Kill Process Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

Arbitrary Command Injection

Overview kill-by-port is a kills process by port Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

Arbitrary Command Injection

Overview ps-kill is a Kill processes with ease Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exe...