CVE-2017-8002 – EMC Data Protection Advisor RequestHistoryResource orderby SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8002
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor.
• http://seclists.org/fulldisclosure/2017/Jul/12
• http://www.securityfocus.com/bid/99487
• http://www.securitytracker.com/id/1038841
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-8003 – EMC Data Protection Advisor ScheduledReportResource Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8003
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor.
• http://seclists.org/fulldisclosure/2017/Jul/12
• http://www.securityfocus.com/bid/99487
• http://www.securitytracker.com/id/1038841
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-0407 – EMC Data Protection Advisor 5.8.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0407
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
• https://www.exploit-db.com/exploits/18688
• http://aluigi.altervista.org/adv/dpa_1-adv.txt
• http://www.exploit-db.com/exploits/18688
• http://www.securityfocus.com/archive/1/522408/30/0/threaded
• http://www.securitytracker.com/id?1026956
• CWE-189: Numeric Errors
CVE-2012-0406 – EMC Data Protection Advisor 5.8.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0406
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
• https://www.exploit-db.com/exploits/18688
• http://aluigi.altervista.org/adv/dpa_1-adv.txt
• http://www.exploit-db.com/exploits/18688
• http://www.securityfocus.com/archive/1/522408/30/0/threaded
• http://www.securitytracker.com/id?1026956
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-1742
https://notcve.org/view.php?id=CVE-2011-1742
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.
• http://securityreason.com/securityalert/8318
• http://www.securityfocus.com/archive/1/519012/100/0/threaded
• CWE-255: Credentials Management Errors