CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2015-0524 – EMC Secure Remote Services Virtual Edition SQL Injection
https://notcve.org/view.php?id=CVE-2015-0524
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el servicio Gateway Provisioning en EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 y 3.03 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself. • http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://seclists.org/bugtraq/2015/Mar/40 http://seclists.org/fulldisclosure/2015/Mar/119 http://www.securityfocus.com/archive/1/534930/100/0/threaded https://www.securify.nl/advisory/SFY20141113/emc_secure_remote_services_virtual_edition_provisioning_component_is_affected_by_sql_injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-0525 – EMC Secure Remote Services Virtual Edition Command Injection
https://notcve.org/view.php?id=CVE-2015-0525
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. El servicio Gateway Provisioning en EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 y 3.03 permite a atacantes remotos ejecutar comandos del sistema operativo arbitrarios a través de vectores no especificados. A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE. • http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://seclists.org/bugtraq/2015/Mar/40 http://seclists.org/fulldisclosure/2015/Mar/118 http://www.securityfocus.com/archive/1/534928/100/0/threaded https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •