5 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file. Vulnerabilidad en la restricción en la carga de archivos en EMC M&R (también conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 permite a usuarios remotos autenticados ejecutar código arbitrario mediante la carga y luego el acceso de un archivo ejecutable. • http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html http://www.securityfocus.com/bid/72256 http://www.securitytracker.com/id/1031567 •

CVSS: 5.0EPSS: 8%CPEs: 2EXPL: 3

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. EMC M&R (también conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 puede permitir a atacantes remotos obtener credenciales de centro de datos en texto claro aprovechándose de cierto acceso SRM que conlleva a un ataque de descifrado. It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. • https://www.exploit-db.com/exploits/36436 http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html http://seclists.org/fulldisclosure/2015/Mar/112 http://www.securityfocus.com/archive/1/534923/100/0/threaded http://www.securityfocus.com/bid/72257 http://www.securitytracker.com/id/1031567 https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_ar • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 2%CPEs: 2EXPL: 2

Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en EMC M&R (también conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 permite a usuarios remotos autenticados leer archivos arbitrarios a través de una URL modificada. A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries. • https://www.exploit-db.com/exploits/36440 http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html http://seclists.org/fulldisclosure/2015/Mar/116 http://www.securityfocus.com/archive/1/534929/100/0/threaded http://www.securityfocus.com/bid/72255 http://www.securitytracker.com/id/1031567 https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields. Múltiples vulnerabilidades XSS en la interfaz de usuario de administración en EMC M&R (también conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios aprovechándose de privilegios de acceso para establecer valores modificados de campos sin especificar A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in. • http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html http://www.securityfocus.com/bid/72259 http://www.securitytracker.com/id/1031567 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. EMC Watch4Net antes de 6.3 almacena en texto plano las contraseñas del dispositivo encuestados en el repositorio de la instalación, lo que permite a usuarios locales obtener información sensible mediante el aprovechamiento de los privilegios del repositorio. • http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html http://www.securityfocus.com/bid/64517 http://www.securitytracker.com/id/1029535 • CWE-310: Cryptographic Issues •