2655 matches found
CVE-2013-4575
Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service agent crash or possibly execute arbitrary code via unspecified vectors...
CVE-2013-4676
Multiple cross-site scripting XSS vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 1 custom-reports generation page, 2 Storage Devices creation page, or 3 jobs creation page...
CVE-2013-4677
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions Everyone: Read and Everyone: Change for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files...
CVE-2013-4678
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors...
Design/Logic Flaw
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions Everyone: Read and Everyone: Change for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files...
Information disclosure
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors...
Heap overflow
Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service agent crash or possibly execute arbitrary code via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 1 custom-reports generation page, 2 Storage Devices creation page, or 3 jobs creation page...
KLA10351 Multiple vulnerabilities in Symantec Backup Exec
Multiple serious vulnerabilities have been found in Symantec Backup Exec. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, read-write backup files, inject scripts and execute arbitrary code Below is a complete list of vulnerabilities 1...
CVE-2013-4677
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions Everyone: Read and Everyone: Change for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files...
CVE-2013-4575
The CVE-2013-4575 issue is a heap-based buffer overflow in the Linux agent utility of Symantec Backup Exec (affecting Backup Exec 2010 R3 before SP3 and 2012 before SP2; also reflected for RALUS installations per Nessus). This allows remote, unauthenticated attackers to cause a denial of service ...
CVE-2013-4678
CVE-2013-4678 concerns the NDMP protocol implementation in Symantec Backup Exec 2010 R3 (before SP3) and 2012 (before SP2). The issue allows remote authenticated users to obtain sensitive host-version information via unspecified vectors, indicating an information-disclosure risk tied to the NDMP ...
CVE-2013-4677
CVE-2013-4677 concerns Symantec Backup Exec data files stored with weak ACLs, enabling local users to read or alter backup data by direct file access. The affected products, per sources, are: Symantec Backup Exec 2010 R3 (before SP3) and Symantec Backup Exec 2012 (before SP2). The underlying issu...
CVE-2013-4676
Symantec Backup Exec Server is affected by CVE-2013-4676: multiple cross-site scripting (XSS) vulnerabilities in the management console and the beutility console. The issues allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the custom-reports generation page,...
CVE-2013-4676
Multiple cross-site scripting XSS vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 1 custom-reports generation page, 2 Storage Devices creation page, or 3 jobs creation page...
CVE-2013-4575
Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service agent crash or possibly execute arbitrary code via unspecified vectors...
CVE-2013-4678
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors...
HP System Management Homepage ginkgosnmp.inc Command Injection
Added: 07/26/2013 CVE: CVE-2013-3576 BID: 60471 OSVDB: 94191 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A vulnerability in HP SMH ginkgosnmp.inc script allows command execution by a remote...
Kernel: sa_restorer information leak
The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2503)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2503 advisory. - kmod: make requestmodule killable Oleg Nesterov Orabug: 16286305 CVE-2012-4398 - kmod: introduce callmodprobe helper Oleg Nesterov Orabug: 162863...