CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8016
https://notcve.org/view.php?id=CVE-2017-8016
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. La plataforma RSA Archer GRC en versiones anteriores a la 6.2.0.5 se ve afectada por Cross-Site Scripting (XSS) persistente mediante el campo Questionnaire ID. Un atacante autenticado podría explotarlo para ejecutar código HTML arbitrario en la sesión del navegador del usuario en el contexto de la aplicación RSA Archer afectada. • http://seclists.org/fulldisclosure/2017/Oct/12 http://www.securitytracker.com/id/1039518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8025
https://notcve.org/view.php?id=CVE-2017-8025
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. La plataforma RSA Archer GRC en versiones anteriores a la 6.2.0.5 se ve afectada por una vulnerabilidad de subida de archivos arbitrarios. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para subir archivos maliciosos mediante archivos adjuntos a rutas arbitrarias en el servidor web. • http://seclists.org/fulldisclosure/2017/Oct/12 http://www.securityfocus.com/bid/101195 http://www.securitytracker.com/id/1039518 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8017
https://notcve.org/view.php?id=CVE-2017-8017
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x y 9.4.2.x se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) reflejado que podría ser explotada por usuarios maliciosos para comprometer el sistema afectado. • http://seclists.org/fulldisclosure/2017/Oct/11 http://www.securityfocus.com/bid/101194 http://www.securitytracker.com/id/1039517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8018
https://notcve.org/view.php?id=CVE-2017-8018
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. El plugin host EMC AppSync en versiones 3.5 y anteriores (sólo en la plataforma Windows) incluye una vulnerabilidad de denegación de servicio (DoS) que podría se explotada por usuarios maliciosos para comprometer el sistema afectado. • http://seclists.org/fulldisclosure/2017/Sep/75 http://www.securityfocus.com/bid/101016 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2017-10955 – EMC Data Protection Advisor ScheduledReportResource Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10955
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. • http://www.securityfocus.com/bid/101008 https://zerodayinitiative.com/advisories/ZDI-17-812 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •