Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
Max CVSS
7.5
EPSS Score
0.80%
Published
2001-11-21
Updated
2017-12-19
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-03-25
Updated
2012-03-30
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-03-25
Updated
2012-03-30
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
Max CVSS
7.5
EPSS Score
0.40%
Published
2005-08-23
Updated
2017-07-11
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
Max CVSS
7.5
EPSS Score
3.26%
Published
2005-08-23
Updated
2017-07-11
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
Max CVSS
6.4
EPSS Score
2.22%
Published
2005-08-23
Updated
2017-07-11
eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.
Max CVSS
7.5
EPSS Score
0.39%
Published
2005-07-11
Updated
2016-10-18
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
Max CVSS
7.5
EPSS Score
0.66%
Published
2005-07-11
Updated
2016-10-18
Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Max CVSS
5.0
EPSS Score
1.20%
Published
2005-08-16
Updated
2017-07-11
EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot).
Max CVSS
5.0
EPSS Score
0.48%
Published
2005-08-16
Updated
2008-09-05
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
Max CVSS
7.5
EPSS Score
13.01%
Published
2005-12-31
Updated
2017-07-11
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
Max CVSS
5.0
EPSS Score
14.80%
Published
2005-12-31
Updated
2017-07-11
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-05-03
Updated
2017-07-20
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-05-03
Updated
2017-07-20
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497.
Max CVSS
7.5
EPSS Score
86.87%
Published
2006-05-16
Updated
2018-10-18
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
Max CVSS
10.0
EPSS Score
6.64%
Published
2007-03-02
Updated
2011-03-08
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
Max CVSS
8.5
EPSS Score
0.31%
Published
2007-04-30
Updated
2008-09-05
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
Max CVSS
9.0
EPSS Score
0.09%
Published
2007-04-30
Updated
2008-09-05
EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.
Max CVSS
9.3
EPSS Score
0.29%
Published
2007-04-30
Updated
2008-09-05
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
Max CVSS
9.3
EPSS Score
86.29%
Published
2007-08-21
Updated
2018-10-15
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.
Max CVSS
4.3
EPSS Score
90.46%
Published
2007-07-30
Updated
2017-09-29
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method.
Max CVSS
9.3
EPSS Score
28.09%
Published
2007-08-03
Updated
2017-09-29
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-09-21
Updated
2008-09-05
The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv function call.
Max CVSS
10.0
EPSS Score
10.72%
Published
2007-10-11
Updated
2017-07-29
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
Max CVSS
7.8
EPSS Score
3.24%
Published
2008-02-21
Updated
2018-10-15
416 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!