78 matches found
CVE-2019-11552
Code42 Enterprise and CrashPlan for Small Business Client versions 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 are affected by an eval injection vulnerability. A proxy auto-configuration (PAC) file, crafted by a user with lower privileges, may be used to execute arbitrary code with t...
CVE-2019-11552
Code42 Enterprise and CrashPlan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...
Code42 for Enterprise for Linux Insecure Privilege Unauthorized Access Vulnerability
Code42 for Enterprise for Linux is an enterprise-class data protection system based on the Linux platform from Code42 Software. The system is capable of detecting insider threats and preventing data leakage and loss. A security vulnerability exists in versions of Code42 for Enterprise prior to...
CVE-2018-20131
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would...
CVE-2018-20131
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would...
Design/Logic Flaw
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would...
CVE-2018-20131
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would...
CVE-2018-20131
CVE-2018-20131 affects the Code42 app for Enterprise on Linux prior to version 6.8.4. The issue is caused by overly permissive permissions on the /usr/local/crashplan/log directory, allowing an unprivileged user to manipulate symbolic links to escalate privileges or read sensitive files. The vuln...
Webinar with Rick Orloff, ex CISO of eBay
Join us at 11 am PDT on Wednesday, September 27 for a live, frank conversation with Rick Orloff, CSO of Code42 and former CISO of eBay. UPDATE: The recorded webinar is available as a podcast: Rick shared his insights about the changing role of security with the new realities of the DevOps world, new...
Code42 CrashPlan Remote Code Execution Vulnerability
Code42 CrashPlan is an online data backup solution from Code42 Software, USA. A remote code execution vulnerability exists in Code42 CrashPlan version 5.4.x. A remote attacker can exploit the vulnerability by using org.apache.commons.ssl.rssl. A remote attacker can exploit this vulnerability to...
Remote code execution
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because upon instantiation it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients...
CVE-2017-9830
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because upon instantiation it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients...
CVE-2017-9830
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because upon instantiation it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients...
CVE-2017-9830
CVE-2017-9830 affects Code42 CrashPlan 5.4.x, where the org.apache.commons.ssl.rmi.DateRMI class creates an RMI server on instantiation and deserializes objects received over TCP, enabling remote code execution. Public references in CVE filings describe the impact as remote code execution with ar...
CVE-2017-9830
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because upon instantiation it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients...
See how I found an XXE 0day vulnerability on an Uber partner website and got a $9,000 bounty - vulnerability warning - the black bar safety net
Recently, the Russian penetration tester Vladimir Ivanov discovered an XXE 0day vulnerability in Code42, a data backup service provider offering protection against ransomware. The vulnerability could be used to steal backup-related data from companies that use the Code42 service; these companies include Uber, Adobe, Lockheed...
Uber.com Backup Bug Nets Researcher $9K
A researcher netted a $9,000 payday last summer after digging up a XML external entity XXE vulnerability in a third-party backup software system used by Uber. The vulnerability, which could have given an attacker access to the user backup data of any company using the software, including Uber, wa...
Uber: CrashPlan Backup is Vulnerable Allowing to a DoS Attack Against Uber's Backups to ```backup.uber.com```
backup.uber.com hosts a CrashPlan backup server on port 443. CrashPlan allows users to back up to a friend's computer by entering a 6-digit alphanumeric code. This means there are 2,176,782,336 total CrashPlan friend codes. While this is a high number, it is completely possible to brute force this ...