20 matches found
CVE-2012-2288
EMC NetWorker nsrd RPC service is affected by a remote format-string vulnerability (CVE-2012-2288) in NetWorker 7.6.3â8.0, allowing arbitrary code execution via crafted messages. Public sources indicate the issue stems from the nsrd format string handling (format string vulnerability in the lg_sp...
CVE-2012-0395
EMC NetWorker Server 7.5.x and 7.6.x (up to 7.6.3 SP1 Cumulative Release 851) contains a buffer overflow in the RPC handling path (indexd.exe) that can allow remote, unauthenticated code execution or denial of service. Exploitation details point to RPC processing with opcode 0x01, where user-supp...
CVE-2012-4607
CVE-2012-4607 Summary (Mode C) A buffer overflow in EMC NetWorkerâs nsrindexd RPC service allows remote attackers to execute arbitrary code by sending crafted SunRPC data. Affected products include EMC NetWorker 7.5.x and earlier, 7.6.x prior to 7.6.5, and 8.x prior to 8.0.0.6. The root cause is ...
CVE-2017-8022
Summary: CVE-2017-8022 affects EMC NetWorker Server (nsrd). A buffer overflow in nsrd exists on affected versions: prior to 8.2.4.9, all 9.0.x, prior to 9.1.1.3, and prior to 9.2.0.4. Exploitation could be remote and unauthenticated, potentially allowing arbitrary code execution or a denial of se...
CVE-2017-15549
CVE-2017-15549 describes an arbitrary file upload vulnerability. A remote authenticated malicious user with low privileges could upload arbitrary files to any location on the server filesystem in affected VMware vSphere Data Protection (VDP) deployments, including VDP 5.x, 6.0.x, and 6.1.x. Affec...
CVE-2017-15550
CVE-2017-15550 is a path-traversal vulnerability in VMware vSphere Data Protection (VDP). A remote authenticated malicious user with low privileges could access arbitrary files on the server filesystem within the vulnerable VDP application. Affected product versions include VDP 5.x, 6.0.x, and 6....
CVE-2017-15548
CVE-2017-15548 affects EMC/VDP solutions: vSphere Data Protection (VDP) on VMware appliances 5.x, 6.0.x, 6.1.x with an authentication bypass vulnerability that could allow a remote unauthenticated attacker to gain unauthorized root access. Related issues CVE-2017-15549 (arbitrary file upload) and...
CVE-2011-0321
EMC NetWorkerâs librpc.dll (nsrexecd) is vulnerable to a UDP-based spoofing flaw that permits remote attackers to register or unregister RPC services. The affected versions include EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2. The root cause is inadequate mitigat...
CVE-2013-3285
The CVE-2013-3285 issue affects EMC NetWorker 8.0.x prior to 8.0.2.3, where the NetWorker Management Console (NMC) using Active Directory/LDAP can allow a remote authenticated user to discover cleartext administrator passwords via NMC audit reports or RAP resource requests. The advisory details t...
CVE-2016-0916
EMC NetWorker is affected by CVE-2016-0916. Affected versions are 8.2.1.x and 8.2.2.x before 8.2.2.6, and 9.x before 9.0.0.6. The vulnerability arises from mishandling of authentication, enabling a remote attacker to execute arbitrary commands by leveraging access to a different NetWorker instanc...
CVE-2002-0114
CVE-2002-0114 affects EMC NetWorker (Legato NetWorker) prior to version 7.0, where passwords are stored in plaintext in the daemon.log. This enables local users to gain privileges by reading the password from that file. The description notes the issue was originally reported for Legato NetWorker ...
CVE-2013-0940
Summary: CVE-2013-0940 affects the EMC NetWorker clientâs nsrpush process. Affected versions: before 7.6.5.3 and 8.x before 8.0.1.4. Root cause: the nsrpush process sets weak permissions on unspecified files, enabling local privilege escalation (via unspecified/unknown vectors). Impact (as stated...
CVE-2013-0943
CVE-2013-0943 affects EMC NetWorker 7.6.x and 8.x prior to 8.1. A privileged local user can leverage the nsradmin utility under OS privileges to decrypt data and obtain sensitive configuration information, yielding a confidential data disclosure vulnerability. The root cause centers on how nsradm...
CVE-2015-6849
CVE-2015-6849 affects EMC NetWorker prior to 8.0.4.5, 8.1.x prior to 8.1.3.6, 8.2.x prior to 8.2.2.2, and 9.0 before build 407. The vulnerability is a denial of service caused by improper handling of malformed RPC authentication messages, allowing an unauthenticated, remote attacker to crash the ...
CVE-2001-0910
CVE-2001-0910 affects Legato NetWorker prior to 6.1, where remote attackers could bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP, then connecting from an IP address whose hostname cannot be determined via reverse DNS. The provide...
CVE-2002-0113
CVE-2002-0113 concerns EMC NetWorker (formerly Legato NetWorker) before version 7.0. The affected component is the log storage path, where logs are written to â/nsr/logs/â with world-readable permissions, allowing local users to read potentially sensitive information and possibly gain privileges....
CVE-2015-0530
EMC NetWorker is affected by a buffer overflow in the nsr_render_log utility that allows local privilege escalation. Affected releases include 8.0.4.3 and earlier, 8.1.x prior to 8.1.2.6, and 8.2.x prior to 8.2.1.2. The root cause is an unsafe function usage in nsr_render_log, enabling local user...
CVE-2011-1421
EMC NetWorker 7.5.x (before 7.5.4.3) and 7.6.x (before 7.6.1.5) are affected when the client push feature is enabled. The issue is weak permissions set on an unspecified file, enabling local users to gain elevated privileges. Exploitation details are not provided in the sources. Remediation is to...
CVE-2006-3892
The CVE concerns EMC NetWorker Management Console (Legato NetWorker) running version 7.3.2 before Jumbo Update 1, where weak authentication permits remote attackers to execute arbitrary commands. Affected component is the Management Console server; root-equivalent commands could be run on connect...
CVE-2014-4620
CVE-2014-4620 affects EMC NetWorker Module for MEDITECH (NMMEDI) 3.0 builds 87â90. When used with EMC RecoverPoint and Plink, Plink commands print RecoverPoint credentials in clear text to nsrmedisv.raw log files, yielding local information disclosure. Impact is sensitive data exposure in logs. R...