Page 27 of 419 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-0895

https://notcve.org/view.php?id=CVE-2016-0895

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de elementos del sitio web con transparencia u opacidad manipuladas. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-0894

https://notcve.org/view.php?id=CVE-2016-0894

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a usuarios autenticados remotos eludir restricciones destinadas al acceso de objetos a través de un parámetro modificado. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-254: 7PK - Security Features •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-0893

https://notcve.org/view.php?id=CVE-2016-0893

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a usuarios autenticados remotos obtener información sensible leyendo mensajes de error. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-0892

https://notcve.org/view.php?id=CVE-2016-0892

Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 3

CVE-2016-0891 – EMC ViPR SRM - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2016-0891

Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. Múltiples vulnerabilidades de CSRF en páginas administrativas en EMC ViPR SRM en versiones anteriores a 3.7 permiten a atacantes remotos secuestrar la autenticación de administradores. EMC ViPR SRM versions prior to 3.7 suffer from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/39738 http://packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html http://seclists.org/bugtraq/2016/Apr/106 http://seclists.org/fulldisclosure/2016/Apr/89 http://www.securityfocus.com/archive/1/538207/100/0/threaded https://www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html • CWE-352: Cross-Site Request Forgery (CSRF) •