CVE-2015-0542
https://notcve.org/view.php?id=CVE-2015-0542
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
• http://seclists.org/bugtraq/2015/Aug/85 http://www.securityfocus.com/bid/76404 http://www.securitytracker.com/id/1033300
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-4527
https://notcve.org/view.php?id=CVE-2015-4527
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.
• http://seclists.org/bugtraq/2015/Jul/110 http://www.securitytracker.com/id/1033026
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4528
https://notcve.org/view.php?id=CVE-2015-4528
Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
• http://seclists.org/bugtraq/2015/Jul/80 http://www.securityfocus.com/bid/75929 http://www.securitytracker.com/id/1032966
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-4529
https://notcve.org/view.php?id=CVE-2015-4529
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
• http://seclists.org/bugtraq/2015/Jul/81 http://www.securityfocus.com/bid/75930 http://www.securitytracker.com/id/1032965
CVE-2015-4526
https://notcve.org/view.php?id=CVE-2015-4526
EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.
• http://seclists.org/bugtraq/2015/Jul/59 http://www.securitytracker.com/id/1032853
• CWE-284: Improper Access Control