CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2012-4616
https://notcve.org/view.php?id=CVE-2012-4616
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en la interfaz de usuario web de EMC Data Protection Advisor (DPA) v5.6 hasta SP1, v5.7 SP1 hasta SP1, y v5.8 hasta SP4, que permite a atacantes remotos leer archivos de su elección a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0125.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 2CVE-2012-0407 – EMC Data Protection Advisor 5.8.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0407
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. Desbordamiento de entero en la biblioteca DPA_Utilities de EMC Data Protection Advisor (DPA) v5.5 a v5.8 SP1 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un valor de 64-bits negativo en un determinado campo 'tamaño'. • https://www.exploit-db.com/exploits/18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt http://www.exploit-db.com/exploits/18688 http://www.securityfocus.com/archive/1/522408/30/0/threaded http://www.securitytracker.com/id?1026956 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 3CVE-2012-0406 – EMC Data Protection Advisor 5.8.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0406
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. La función de DPA_Utilities.cProcessAuthenticationData de EMC Data Protection Advisor (DPA) v5.5 a v5.8 SP1 permite a atacantes remotos causar una denegación de servicio (desreferencia de puntero NULL y caída del demonio) a través de un comando AUTHENTICATECONNECTION que (1) carece de un campo de contraseña o (2) tiene una contraseña vacía. • https://www.exploit-db.com/exploits/18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt http://www.exploit-db.com/exploits/18688 http://www.securityfocus.com/archive/1/522408/30/0/threaded http://www.securitytracker.com/id?1026956 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0CVE-2011-1742
https://notcve.org/view.php?id=CVE-2011-1742
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. EMC Data Protection Advisor anterior a v5.8.1 coloca credenciales de cuentas en texto claro en el fichero de configuración DPA en circunstancias no especificadas, lo que permite a usuarios locales obtener información sensible leyendo este fichero. • http://securityreason.com/securityalert/8318 http://www.securityfocus.com/archive/1/519012/100/0/threaded • CWE-255: Credentials Management Errors •