197 matches found
Veritas Enterprise Vault 安全漏洞
Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...
Veritas Enterprise Vault 安全漏洞
Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...
CVE-2024-53915
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
CVE-2024-53914
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
CVE-2024-53913
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
CVE-2024-53912
Veritas Enterprise Vault prior to 15.2 is affected by CVE-2024-53912 through deserialization of untrusted data received on a .NET Remoting TCP port in the EVMonitoring service, enabling remote code execution. Multiple sources (ZDI-24-1664, NVD/NVDCVE-style entries, Red Hat, NCSC) describe network...
CVE-2024-53912
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
Veritas Enterprise Vault 安全漏洞
Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...
CVE-2024-53911
CVE-2024-53911 affects Veritas Enterprise Vault prior to 15.2. The issue stems from deserializing untrusted data received on a .NET Remoting TCP port in the EVStgOfflineOpns service, enabling remote code execution. ZDI-24-1667 confirms network-adjacent access is possible and notes authentication ...
CVE-2024-53914
CVE-2024-53914 affects Veritas Enterprise Vault (pre-15.2). The root cause is deserialization of untrusted data received on a .NET Remoting TCP port, exploitable via the EVTaskGuardian service. The ZDI advisory notes that exploitation requires authentication and can lead to remote code execution ...
CVE-2024-53913
CVE-2024-53913 affects Veritas Enterprise Vault before 15.2. The underlying issue is deserialization of untrusted data received on a .NET Remoting TCP port in EVStgOfflineOpns, allowing remote code execution. Exploitation requires network access and, per ZDI, authentication is needed to exploit. ...
CVE-2024-53914
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
CVE-2024-53909
CVE-2024-53909 affects Veritas Enterprise Vault (pre-15.2). The root cause is deserialization of untrusted data in the MonitoringMiddleTier service exposed on the .NET Remoting TCP port, enabling remote code execution by network-adjacent attackers. Public advisories indicate versions prior to 15....
CVE-2024-53911
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure', 'Description' = %q This module exploits a...
PT-2024-10286 · Veritas · Veritas Enterprise Vault
Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.2 Description: The issue allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This is due to insufficient deserializatio...
Aladdin - Payload Generation Technique That Allows The Deseriallization Of A .NET Payload And Execution In Memory
Aladdin is a payload generation technique based on the work of James Forshaw @tiraniddo that allows the deseriallization of a .NET payload and execution in memory. The original vector was documented on https://www.tiraniddo.dev/2017/07/dg-on-windows-10-s-executing-arbitrary.html. By spawning the...
CVE-2023-28072
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system...
Deserialization of untrusted data
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system...
CVE-2023-28072
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system...