13 matches found
CVE-2021-27878
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...
CVE-2024-27878
creationtimestamp | type | source
---|---|---
2024-08-05 05:02:14+00:00 | published-proof-of-concept | https://t.me/HackerArsenal/116
2024-08-05 05:02:29+00:00 | published-proof-of-concept | https://t.me/Kelvinseccommunity/700
2024-08-05 11:03:34+00:00 | published-proof-of-concept | ...
Apple MacOSX Security Update (HT214119, regreSSHion)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
macOS 14.x < 14.6 Multiple Vulnerabilities (HT214119)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.6. It is, therefore, affected by multiple vulnerabilities:
- A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. (CVE-2023-27952)
- ...
K92807525: TMUI XSS vulnerability CVE-2022-27878
Security Advisory Description: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. (CVE-2022-27878) Impact: An authenticated attacker may exploit...
Metasploit Weekly Wrap-Up
Veritas Backup Exec Agent RCE: This module, kindly provided by c0rs, targets the Veritas Backup Exec Agent in order to gain RCE as the system/root user. The exploit itself is actually a chain of 3 separate CVEs (CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878), which only makes it more impressive...
Veritas Backup Exec Agent Remote Code Execution
frozen_string_literal: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Agent Remote Code Execution', 'Description' => %q Veritas Backup Exec Agent supports multiple...
CVE-2021-27878
creationtimestamp | type | source
---|---|---
2022-09-23 16:55:16+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/veritas/beagent_sha_auth_rce.rb
2023-04-11 08:50:00+00:00 | exploited | https://t.me/KomunitiSiber/83
2023-06-14 21:10:04+00:00 | seen | ...
CVE-2022-27878
CVE-2022-27878 is a stored cross-site scripting (XSS) vulnerability in F5 BIG-IP TMUI/Guided Configuration. The issue affects BIG-IP TMUI and GC across multiple major versions (16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, 11.6.x) and, for Guided Configuration, all versions before 9.0. The root cause i...
CVE-2022-27878
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
CVE-2021-27878
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...
CVE-2021-27878
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...
CVE-2021-27878
CVE-2021-27878 affects Veritas Backup Exec Remote Agent before 21.2. A flaw in the SHA authentication scheme lets an attacker bypass auth to issue data-management commands and execute arbitrary OS/system commands with high impact on the affected host. The issue is documented across multiple sourc...