Filtered by vendor Emc Subscriptions
Total 414 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2001-0910 1 Emc 1 Networker 2024-08-08 N/A
Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
CVE-2002-0114 1 Emc 1 Networker 2024-08-08 N/A
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
CVE-2002-0113 1 Emc 1 Networker 2024-08-08 N/A
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
CVE-2005-3659 1 Emc 1 Legato Networker 2024-08-07 N/A
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
CVE-2005-3658 1 Emc 1 Legato Networker 2024-08-07 N/A
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
CVE-2005-2358 1 Emc 1 Navisphere Manager 2024-08-07 N/A
EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot).
CVE-2005-2357 1 Emc 1 Navisphere Manager 2024-08-07 N/A
Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2005-2185 1 Emc 1 Eroom 2024-08-07 N/A
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
CVE-2005-2184 1 Emc 1 Eroom 2024-08-07 N/A
eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.
CVE-2005-0357 2 Emc, Sun 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software 2024-08-07 N/A
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
CVE-2005-0359 2 Emc, Sun 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software 2024-08-07 N/A
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
CVE-2005-0358 2 Emc, Sun 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software 2024-08-07 N/A
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
CVE-2006-7199 1 Emc 1 Rsa Security Sitekey 2024-08-07 N/A
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
CVE-2006-7201 1 Emc 1 Rsa Security Sitekey 2024-08-07 N/A
EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.
CVE-2006-7200 1 Emc 1 Rsa Security Sitekey 2024-08-07 N/A
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
CVE-2006-3892 1 Emc 1 Networker 2024-08-07 N/A
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
CVE-2006-2391 1 Emc 1 Retrospect Client 2024-08-07 N/A
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497.
CVE-2006-2154 1 Emc 1 Retrospect 2024-08-07 N/A
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog.
CVE-2006-2155 1 Emc 1 Retrospect 2024-08-07 N/A
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.
CVE-2007-6426 1 Emc 1 Replistor 2024-08-07 N/A
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.