HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

Computer Associates BrightStor ARCserve Backup MediaSVR.EXE 191缓冲区溢出漏洞

Computer Associates BrightStor ARCserve Backup是一款企业级的备份解决方案。 Computer Associates BrightStor ARCserve Backup处理XDR过程的RPC数据存在设计错误，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 Mediasvr.exe导入的多个DLL在处理使用XDR过程的RPC数据时存在设计错误。4个来自RPC报文的字节作为特殊地址处理（xdrhandlet data会经过多次位移动和字节反转），最后装载到ECX中，在NULL字节后至少8字节NULL的191 0xbf过程成为可利用条件：...