Symantec Backup Exec RALUS Code Execution (SYM13-009)

The version of Symantec Backup Exec RALUS installed on the remote host is 2010 earlier than 2010 R3 SP3, or 2012 earlier than 2012 SP2. Such versions are potentially affected by a heap overflow vulnerability. By exploiting this flaw, a remote, unauthenticated attacker could execute arbitrary code...

Symantec Backup Exec Server Multiple Vulnerabilities (SYM13-009)

According to its version number, the Symantec Backup Exec Server installed on the remote Windows host is affected by multiple vulnerabilities : - Multiple cross-site scripting vulnerabilities exist in the management console and the beutility console. CVE-2013-4676 - Backup and restore data files...

Symantec Backup Exec Remote Agent for Linux and UNIX Servers (RALUS) Installed

Symantec Backup Exec Remote Agent for Linux and UNIX Servers RALUS, a backup agent for Linux and UNIX servers, is installed on the remote host. TRUSTED...

CVE-2013-4575

Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service agent crash or possibly execute arbitrary code via unspecified vectors...

CVE-2013-4677

Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions Everyone: Read and Everyone: Change for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files...

CVE-2013-4678

The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors...

CVE-2013-4676

Multiple cross-site scripting XSS vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 1 custom-reports generation page, 2 Storage Devices creation page, or 3 jobs creation page...

Design/Logic Flaw

Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions Everyone: Read and Everyone: Change for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files...

Information disclosure

The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors...

Heap overflow

Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service agent crash or possibly execute arbitrary code via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 1 custom-reports generation page, 2 Storage Devices creation page, or 3 jobs creation page...

KLA10351 Multiple vulnerabilities in Symantec Backup Exec

Multiple serious vulnerabilities have been found in Symantec Backup Exec. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, read-write backup files, inject scripts and execute arbitrary code Below is a complete list of vulnerabilities 1...

CVE-2013-4575

The CVE-2013-4575 issue is a heap-based buffer overflow in the Linux agent utility of Symantec Backup Exec (affecting Backup Exec 2010 R3 before SP3 and 2012 before SP2; also reflected for RALUS installations per Nessus). This allows remote, unauthenticated attackers to cause a denial of service ...

CVE-2013-4678

CVE-2013-4678 concerns the NDMP protocol implementation in Symantec Backup Exec 2010 R3 (before SP3) and 2012 (before SP2). The issue allows remote authenticated users to obtain sensitive host-version information via unspecified vectors, indicating an information-disclosure risk tied to the NDMP ...

CVE-2013-4677

Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions Everyone: Read and Everyone: Change for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files...

CVE-2013-4677

CVE-2013-4677 concerns Symantec Backup Exec data files stored with weak ACLs, enabling local users to read or alter backup data by direct file access. The affected products, per sources, are: Symantec Backup Exec 2010 R3 (before SP3) and Symantec Backup Exec 2012 (before SP2). The underlying issu...

CVE-2013-4676

Symantec Backup Exec Server is affected by CVE-2013-4676: multiple cross-site scripting (XSS) vulnerabilities in the management console and the beutility console. The issues allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the custom-reports generation page,...

CVE-2013-4676

Multiple cross-site scripting XSS vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 1 custom-reports generation page, 2 Storage Devices creation page, or 3 jobs creation page...

CVE-2013-4678

The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors...

CVE-2013-4575

Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service agent crash or possibly execute arbitrary code via unspecified vectors...