337 matches found
CVE-2011-3477
GEAR Software CD DVD Filter driver aka GEARAspiWDM.sys, as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service system crash via unspecified vectors...
CVE-2011-3477
CVE-2011-3477 concerns the GEAR Software CD/DVD Filter driver (GEARAspiWDM.sys) as used in several Symantec products (Backup Exec System Recovery 8.5 and BESR 2010, System Recovery 2011, Norton 360, Norton Ghost). According to the linked records, the vulnerability enables a local attacker to caus...
CVE-2011-3477
GEAR Software CD DVD Filter driver aka GEARAspiWDM.sys, as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service system crash via unspecified vectors...
The vulnerability of the SSL software used in Backup Exec’s backup and recovery services allows attackers to execute arbitrary code or trigger a service failure.
The vulnerability of Backup Exec’s SSL software for backup and restoration services relates to the use of memory after it is freed i.e., after the agent completes its tasks. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures using...
Veritas Backup Exec Remote Agent Installed
Binary data veritasbackupexecremoteagentinstalled.nbin...
Veritas Backup Exec Remote Agent 14.1.x < 14.1.1786.1126 / 14.2.x < 14.2.1180.3160 / 16.0.x < 16.0.1142.1327 Use-after-free RCE (VTS17-006)
The version of Vertias Backup Exec Remote Agent installed on the remote Windows host is 14.1.x prior to 14.1.1786.1126, 14.2.x prior to 14.2.1180.3160, or 16.0.x prior to 16.0.1142.1327. It is, therefore, affected by a remote code execution vulnerability due to a use-after-free error that is...
Veritas / Symantec Backup Exec - SSL NDMP Connection Use-After-Free Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec...
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free',...
Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free',...
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
This module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session...
Veritas Backup Exec Agent for Windows/Linux and Mac Memory Corruption Vulnerability
Veritas Backup Exec Agent is a suite of backup and recovery solutions from Veritas Technologies, USA. A memory corruption vulnerability exists in Veritas Backup Exec Agent for Windows, Linux, and Mac-based platforms. A remote attacker could exploit the vulnerability to cause the agent to crash or...
Double free
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...
CVE-2017-8895
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...
CVE-2017-8895
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...
CVE-2017-8895
Summary (CVE-2017-8895) : The vulnerability affects Veritas/Symantec Backup Exec Remote Agent for Windows (NDMP SSL) where a use-after-free during SSL NDMP session handling can lead to remote code execution or denial of service. Affected versions identified in connected docs: 14.1.x before 14.1.1...
CVE-2017-8895
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...
Backup Exec System Recovery Manager <= 7.0.1 File Upload Exploit
No description provided by source. ?xml version=1.0? html xmlns=http://www.w3.org/1999/xhtml headtitleFile Upload POC/title/head body h2 Backup Exec System Recovery Manager 7.0brFile Upload POC/h2 form action=https://TARGET:8443/axis/FileUpload method=post enctype=multipart/form-data Remote Path:...
Symantec Backup Exec System Recovery Manager 7.0 FileUpload Class Unauthorized File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27487/info Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server. This issue resides in the Symantec...
Veritas Backup Exec Name Service Overflow
No description provided by source. $Id: nameservice.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Veritas Backup Exec Server Remote Registry Access Code Execution - Ver2 (CVE-2005-0771)
A code execution vulnerability has been reported in Veritas Backup Exec Server. Successful exploitation of this vulnerability could allow a remote attacker to modify the registry and execute arbitrary methods via RPC on the affected system...