CVSS: 4.9EPSS: 1%CPEs: 1EXPL: 1CVE-2016-4004 – Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal
https://notcve.org/view.php?id=CVE-2016-4004
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. Vulnerabilidad de salto de directorio en Dell OpenManage Server Administrator (OMSA) 8.2 permite a administradores remotos autenticados leer archivos arbitrarios a través de un ..\ (punto punto barra invertida) en el parámetro file en ViewFile. OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/39486 http://www.securitytracker.com/id/1035564 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0740
https://notcve.org/view.php?id=CVE-2013-0740
Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. Vulnerabilidad de redirección abierta en Dell OpenManage Server Administrator (OMSA) anterior a 7.3.0 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro file hacia HelpViewer. • http://osvdb.org/95545 http://secunia.com/advisories/52742 http://www.securityfocus.com/bid/61383 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2012-6272 – Dell OpenManage Server Administrator - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6272
Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Dell OpenManage Server Administrator v6.5.0.1, v7.0.0.1, y v7.1.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro topic en html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, o (8)help/hip/en/msgguide/wwhelp/wwhimpl/common/. • https://www.exploit-db.com/exploits/38179 http://www.kb.cert.org/vuls/id/950172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2012-4955
https://notcve.org/view.php?id=CVE-2012-4955
Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Dell OpenManage Server Administrator (OMSA) antes de v6.5.0.1, v7.0 antes de v7.0.0.1 y v7.1 antes de v7.1.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/87405 http://secunia.com/advisories/51297 http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694 http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338 http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344 http://www.kb.cert.org/vuls/id/558132 http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •