8 matches found
CVE-2007-4346
CVE-2007-4346 affects Symantec Backup Exec for Windows Servers BEWS (Job Engine, bengine.exe) on 11d builds 11.0.7170 and 11.0.6.6235. A NULL pointer dereference (and related DoS via integer overflows) can be triggered by specially crafted packets sent to port 5633/TCP, causing the listening serv...
CVE-2007-2360
CVE-2007-2360 affects Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery prior to 20070426. When remote backups of restore point images are configured, network share credentials are encrypted with a key formed by a hash of the username, allowing loca...
CVE-2007-4347
Symantec Backup Exec for Windows Servers BEWS 11d (11.0.7170 and 11.0.6.6235) is affected by two integer overflow DoS issues and a NULL pointer dereference in the Job Engine (bengine.exe). A crafted 5633/tcp packet can trigger an infinite loop, causing high CPU/memory usage or service crash. Patc...
CVE-2007-2359
CVE-2007-2359 concerns a buffer overflow in Ghost Service Manager used by Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery and BackupExec System Recovery prior to 20070426. The vulnerability arises from handling of a long string, enabling local users to gain privileges (local pri...
CVE-2007-2361
CVE-2007-2361 affects Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery and BackupExec System Recovery prior to 20070426. When remote backups of restore points are configured, a configuration file containing network share credentials is world-readable, allowing local users to read...
CVE-2008-0457
The CVE-2008-0457 issue affects Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, where the FileUpload class on the Symantec LiveState Apache Tomcat server (Tomcat running on TCP ports 8080 and 8443 per ZDI) fails to validate input, allowing remote attackers to upload and execute arbitr...
CVE-2008-2512
CVE-2008-2512 is a directory-traversal vulnerability in Symantec Backup Exec System Recovery Manager (BESR) (7.x before 7.0.4 and 8.x before 8.0.2). A remote, unauthenticated attacker can exploit an inadequate sanitization in the Tomcat-based servlet (reportsfile) to read arbitrary files on the a...
CVE-2012-0305
The CVE-2012-0305 entry describes an untrusted search path (DLL load) vulnerability in Symantec System Recovery 2011 prior to SP2 and Backup Exec System Recovery 2010 prior to SP5 that allows local privilege escalation via a Trojan horse DLL located in the current working directory. Related Nessu...