Lucene search
K

74 matches found

Nuclei
Nuclei
added 19 hours ago22 views

Arcserve UDP <= 9.0.6034 - Authentication Bypass

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...

9.8CVSS7.2AI score0.37715EPSS
Exploits2References2
Nuclei
Nuclei
added 2 days ago12 views

Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. id: CVE-2024-0801 info: name: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll author: daffainfo severity: high description: | A denial of service vulnerability exists i...

7.5CVSS7.2AI score0.41843EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/16 8:29 a.m.7 views

Arcserve UDP Console vulnerable to redirect to a dummy URL

Overview UDP Console provided by Arcserve contains the following vulnerability. Incorrectly specified destination in a communication channel CWE-941 - CVE-2026-40118 Shingo Ando reported this vulnerability to IPA, IPA reported it to Arcserve, and JPCERT/CC coordinated with Arcserve to publish the...

6.3CVSS6.6AI score0.00178EPSS
Exploits0References4
NVD
NVD
added 2026/04/16 5:16 a.m.5 views

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

6.3CVSS0.00178EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 4:19 a.m.13 views

CVE-2026-40118

CVE-2026-40118 involves Arcserve’s UDP Console. The issue is an incorrectly specified destination in a communication channel: if a user configures the activation server hostname to a dummy URL, the product may contact that dummy domain, potentially causing information disclosure. The provided doc...

6.3CVSS6.6AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33258

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

6.3CVSS5.8AI score0.00178EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.3 views

Arcserve UDP < 5.0 Update 4 Directory Traversal

The Arcserve Unified Data Protection UDP application running on the remote host is affected by a directory traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a crafted file path to the 1 reportFileServlet or 2 exportServlet servlet, to obtain sensitive information ...

9.4CVSS5.6AI score0.63643EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-4095

Malware in sbrugna...

7.8CVSS6.3AI score0.04431EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27846

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-46459

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01471EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26077

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00347EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-46458

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.5 views

CVE-2025-34521

A reflected cross-site scripting XSS vulnerability exists in the web interface of the Arcserve Unified Data Protection UDP, where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

5.4CVSS6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.5 views

CVE-2025-34520

An authentication bypass vulnerability in Arcserve Unified Data Protection UDP allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

9.8CVSS7.2AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2025/08/27 10:15 p.m.3 views

CVE-2025-34523

A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection UDP. This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending...

9.8CVSS6.5AI score0.00499EPSS
Exploits0References1
NVD
NVD
added 2025/08/27 10:15 p.m.5 views

CVE-2025-34522

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection UDP. This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory,...

9.8CVSS0.00523EPSS
Exploits0References1
NVD
NVD
added 2025/08/27 10:15 p.m.5 views

CVE-2025-34520

An authentication bypass vulnerability in Arcserve Unified Data Protection UDP allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

9.8CVSS0.00347EPSS
Exploits0References1
OSV
OSV
added 2025/08/27 10:15 p.m.3 views

CVE-2025-34520

An authentication bypass vulnerability in Arcserve Unified Data Protection UDP allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/27 9:19 p.m.6 views

CVE-2025-34520 Arcserve UDP < 10.2 Authentication Bypass

An authentication bypass vulnerability in Arcserve Unified Data Protection UDP allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

7.7CVSS0.00347EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/08/27 9:19 p.m.6 views

CVE-2025-34520

An authentication bypass vulnerability in Arcserve Unified Data Protection UDP allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder