Page 2 of 10 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en la interfaz de usuario web de EMC Data Protection Advisor (DPA) v5.6 hasta SP1, v5.7 SP1 hasta SP1, y v5.8 hasta SP4, que permite a atacantes remotos leer archivos de su elección a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0125.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 2

Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. Desbordamiento de entero en la biblioteca DPA_Utilities de EMC Data Protection Advisor (DPA) v5.5 a v5.8 SP1 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un valor de 64-bits negativo en un determinado campo 'tamaño'. • https://www.exploit-db.com/exploits/18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt http://www.exploit-db.com/exploits/18688 http://www.securityfocus.com/archive/1/522408/30/0/threaded http://www.securitytracker.com/id?1026956 • CWE-189: Numeric Errors •

CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 3

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. La función de DPA_Utilities.cProcessAuthenticationData de EMC Data Protection Advisor (DPA) v5.5 a v5.8 SP1 permite a atacantes remotos causar una denegación de servicio (desreferencia de puntero NULL y caída del demonio) a través de un comando AUTHENTICATECONNECTION que (1) carece de un campo de contraseña o (2) tiene una contraseña vacía. • https://www.exploit-db.com/exploits/18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt http://www.exploit-db.com/exploits/18688 http://www.securityfocus.com/archive/1/522408/30/0/threaded http://www.securitytracker.com/id?1026956 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0

EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. EMC Data Protection Advisor anterior a v5.8.1 coloca credenciales de cuentas en texto claro en el fichero de configuración DPA en circunstancias no especificadas, lo que permite a usuarios locales obtener información sensible leyendo este fichero. • http://securityreason.com/securityalert/8318 http://www.securityfocus.com/archive/1/519012/100/0/threaded • CWE-255: Credentials Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. EMC Data Protection Advisor Collector v5.7 y v5.7.1 en plataformas Solaris SPARC utiliza permisos débiles para archivos no específicos,lo que permite a usuarios locales conseguir privilegios a través de vectores desconocidos. • http://secunia.com/advisories/43893 http://securityreason.com/securityalert/8169 http://securitytracker.com/id?1025253 http://www.securityfocus.com/archive/1/517179/100/0/threaded http://www.securityfocus.com/bid/47036 http://www.vupen.com/english/advisories/2011/0783 https://exchange.xforce.ibmcloud.com/vulnerabilities/66323 • CWE-264: Permissions, Privileges, and Access Controls •