| CVE-2012-4611 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vecto… |
| CVE-2012-4612 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2012-4610 |
low |
— |
3.3 |
|
|
emc |
14y ago |
EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to th… |
| CVE-2012-2290 |
critical |
— |
9.3 |
|
|
emc |
14y ago |
The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted messag… |
| CVE-2012-2284 |
low |
— |
2.1 |
|
|
emcmicrosoft |
14y ago |
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local use… |
| CVE-2012-2286 |
low |
— |
2.9 |
|
|
emc |
14y ago |
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2012-2288 |
critical |
— |
10.0 |
EXP |
|
emc |
14y ago |
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specif… |
| CVE-2012-2285 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access … |
| CVE-2012-2282 |
medium |
— |
6.5 |
|
|
emc |
14y ago |
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement N… |
| CVE-2012-2280 |
medium |
— |
5.0 |
|
|
emcrsa |
14y ago |
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via uns… |
| CVE-2012-2279 |
medium |
— |
6.4 |
|
|
emcrsa |
14y ago |
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbi… |
| CVE-2012-2278 |
medium |
— |
4.3 |
|
|
emcrsa |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before … |
| CVE-2012-2515 |
critical |
— |
10.0 |
EXP |
|
emcge |
14y ago |
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXt… |
| CVE-2012-0407 |
medium |
— |
6.0 |
EXP |
|
emc |
14y ago |
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value… |
| CVE-2012-0404 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-0396 |
medium |
— |
4.0 |
|
|
emc |
15y ago |
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or… |
| CVE-2011-4144 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveragi… |
| CVE-2012-0395 |
critical |
— |
9.3 |
|
|
emc |
15y ago |
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute ar… |
| CVE-2011-4142 |
low |
— |
2.1 |
|
|
emc |
15y ago |
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to… |
| CVE-2011-2742 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile a… |
| CVE-2011-2741 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow … |
| CVE-2011-2738 |
critical |
— |
10.0 |
|
|
ciscoemc |
15y ago |
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and m… |
| CVE-2011-1744 |
medium |
— |
5.8 |
|
|
emc |
15y ago |
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted w… |
| CVE-2011-1743 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1742 |
low |
— |
2.1 |
|
|
emc |
15y ago |
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information… |
| CVE-2011-1741 |
critical |
— |
10.0 |
|
|
emc |
15y ago |
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote a… |
| CVE-2011-1424 |
low |
— |
3.5 |
|
|
emcmicrosoftibm |
15y ago |
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the t… |
| CVE-2011-1423 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1422 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary we… |
| CVE-2011-1421 |
medium |
— |
6.9 |
|
|
emc |
15y ago |
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via un… |
| CVE-2011-0442 |
low |
— |
3.5 |
|
|
emc |
15y ago |
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive inf… |
| CVE-2011-0647 |
critical |
— |
10.0 |
EXP |
|
emc |
16y ago |
The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunPro… |
| CVE-2011-0321 |
medium |
— |
6.4 |
|
|
emc |
16y ago |
librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which all… |
| CVE-2010-1904 |
medium |
— |
6.8 |
|
|
emc |
16y ago |
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data. |
| CVE-2009-2754 |
critical |
— |
10.0 |
EXP |
|
ibmemc |
17y ago |
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.… |
| CVE-2010-0620 |
critical |
— |
10.0 |
EXP |
|
emc |
17y ago |
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and conseq… |
