27 matches found
EUVD-2019-3223
Malware in sbrugna...
EUVD-2017-18744
Malicious code in bioql PyPI...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
Code injection
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
CVE-2021-43269
CVE-2021-43269 affects Code42 app prior to 8.8.0. An eval injection could allow an attacker to modify a device’s proxy configuration to point at a malicious PAC file, enabling arbitrary code execution. Affected: Incydr Basic, Advanced, Gov F1; CrashPlan Cloud; CrashPlan for Small Business (Incydr...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
Code42 Software CrashPlan for Small Business 代码注入漏洞
Code42 Software CrashPlan for Small Business is an automated data loss protection solution from US-based Code42 Software. Code42 Software CrashPlan for Small Business suffers from a code injection vulnerability that originates in Code42 applications prior to version 8.8.0. eval injection allows a...
CVE-2019-11551
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...
CVE-2019-11551
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...
Cross site request forgery (csrf)
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...
CVE-2019-11551
CVE-2019-11551 — Code42 Enterprise / CrashPlan for Small Business (Client ≤ 6.9.1) : An attacker with local access can craft a restore request via the Code42 app to write a file to a location they should not be able to write. Root cause: insufficient validation of the restore target path in the c...
CVE-2019-11551
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...
CVE-2019-11552
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...
CVE-2019-11552
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...
Code injection
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...
CVE-2019-11552
Code42 Enterprise and CrashPlan for Small Business Client versions 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 are affected by an eval injection vulnerability. A proxy auto-configuration (PAC) file, crafted by a user with lower privileges, may be used to execute arbitrary code with t...
CVE-2019-11552
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...
CVE-2018-20131
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would...
Code42 CrashPlan Remote Code Execution Vulnerability
Code42 CrashPlan is an online data backup solution from Code42 Software, USA. A remote code execution vulnerability exists in Code42 CrashPlan version 5.4.x. A remote attacker can exploit the vulnerability by using org.apache.commons.ssl.rssl. A remote attacker can exploit this vulnerability to...