108 matches found
Path traversal
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user...
Siemens TIA Portal - Remote Command Execution
Exploit Title: Siemens TIA Portal unauthenticated remote command execution Date: 06/11/2019 Exploit Author: Joseph Bingham CVE : CVE-2019-10915 Vendor Homepage: www.siemens.com Software Link: https://new.siemens.com/global/en/products/automation/industry-software/automation-software/tia-portal.ht...
Command injection
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management NSM 9.1 9.1.7.75 Update 4 and 9.2 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands...
Product update: Virtuozzo Infrastructure Platform 2.5 Update 4 (2.5.0-1614)
This update provides stability and usability fixes. Vulnerability id: VSTOR-14144, VSTOR-20526 Blink button in the admin panel was not working in some cases. Vulnerability id: VSTOR-20197 Unable to create network bonds. Vulnerability id: VSTOR-20232 Disk replacement occasionally does not allow to...
SureBackup performance impacted after installing Veeam Backup & Replication 9.5 Update 4
Challenge You may notice SureBackup job performance degaradation and higher space utilization after upgrading to Veeam Backup & Replication 9.5 U4 9.5.4.2615. Cause Upgrade to Veeam Backup & Replication 9.5 U4 has changed the default location for redo logs for verified VMs impacting original...
Hyper-V Backup jobs failing with an error "The system cannot find the file specified" after upgrade to Veeam B&R 9.5 Update 4
Challenge After installing Veeam Backup & Replication 9.5 Update 4, Hyper-V backup without application-aware processing may fail with the error "The system cannot find the file specified". Version Specific Article This article is relevant only to Veeam Backup & Replication 9.5.4.2615. Cause This...
Release Information for Veeam Backup & Replication 9.5 Update 4
More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release information for Veeam Backup & Replication 9.5 Update 4 Cause Please confirm that you are running version 9.0 Update 2 build 9.0.0.1715 or later prio...
Veeam Backup Enterprise Manager RESTful APIs Upgrade Instructions
Challenge Veeam Backup & Replication 9.5 Update 4 RTM is not compatible with the previous versions of API. Some integration may not work as expected. Cause Update 4 has introduced new Product functionality that requires extended API and incremented the required request version to v14. Solution Th...
Veeam Availability Console U1 Cumulative Patch 1913
Challenge Veeam Availability Console U1 Cumulative Patch 1913. This update supersedes Veeam Availability Console U1 Cumulative Patch 1850. Cause Please confirm you are running version 2.0.2.1750 or later prior to installing this cumulative patch 1913. You can check this under Windows Programs and...
IBM SVC or IBM Storwize storage LUN can be deleted under specific circumstances
Challenge | Newly created LUNs on IBM storages that utilize the Spectrum Virtualize Software with Veeam B&RIBM SVC or IBM FlashSystem, under very specific circumstances, can be deleted by Veeam B&R. --- Cause | Spectrum Virtualize software has the ability to reuse LUN IDs, which are not set to be...
Certificate expiration date
Challenge The following error message appears when starting Veeam Backup and Replication console: Cause Veeam Backup and Replication self-signed certificate expires 11 months after installation. The certificate is renewed, but Veeam Backup Service still has information about the old one in the...
CVE-2018-18657
An issue was discovered in Arcserve Unified Data Protection UDP through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue...
CVE-2018-18659
An issue was discovered in Arcserve Unified Data Protection UDP through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue...
CVE-2018-18658
An issue was discovered in Arcserve Unified Data Protection UDP through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue...
Code injection
An issue was discovered in Arcserve Unified Data Protection UDP through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue...
CVE-2018-18658
An issue was discovered in Arcserve Unified Data Protection UDP through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue...
CVE-2018-18660
An issue was discovered in Arcserve Unified Data Protection UDP through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue...
CVE-2018-18657
Arcserve UDP up to 6.5 Update 4 is affected by an unauthenticated information disclosure via the EdgeServiceImpl endpoint (/gateway/services/EdgeServiceImpl). The issue, DDI-VRT-2018-18, allows disclosure of sensitive information without authentication. Affected product: Arcserve Unified Data Pro...
CVE-2018-18660
Arcserve UDP (Arcserve Unified Data Protection) up to 6.5 Update 4 is affected by a reflected Cross-Site Scripting (XSS) in /authenticationendpoint/domain.jsp (DDI-VRT-2018-21). Root cause is input handling leading to script injection; this is a client-side vulnerability that could affect users i...
CVE-2018-18659
Arcserve UDP (Arcserve Unified Data Protection) up to version 6.5 Update 4 contains an unauthenticated XML External Entity (XXE) issue in the /management/UdpHttpService endpoint (DDI-VRT-2018-19). This vulnerability is documented across multiple sources and affects UDP 6.5 Update 4 and earlier ve...