CVE-2015-0526
https://notcve.org/view.php?id=CVE-2015-0526
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.
• http://seclists.org/bugtraq/2015/Jun/88
• http://www.securitytracker.com/id/1032590
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0546
https://notcve.org/view.php?id=CVE-2015-0546
EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.
• http://seclists.org/bugtraq/2015/Jun/87
• http://www.securitytracker.com/id/1032589
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-0540
https://notcve.org/view.php?id=CVE-2015-0540
SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
• http://seclists.org/bugtraq/2015/May/98
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-0538 – EMC AutoStart ftAgent Multiple Opcode SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0538
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within ftAgent.exe, which listens on TCP port 8045, when handling numerous opcodes. The vulnerability is caused by a lack of input validation before using a remotely supplied string to construct SQL queries. By sending a crafted request to a vulnerable system, a remote attacker can exploit this vulnerability to execute arbitrary code in the context of SYSTEM.
• http://packetstormsecurity.com/files/131749/EMC-AutoStart-5.4.3-5.5.0-Packet-Injection.html
• http://seclists.org/bugtraq/2015/May/25
• http://www.kb.cert.org/vuls/id/581276
• http://www.securitytracker.com/id/1032237
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-0531
https://notcve.org/view.php?id=CVE-2015-0531
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
• http://packetstormsecurity.com/files/131748/EMC-SourceOne-Email-Management-Account-Lockout-Policy.html
• http://seclists.org/bugtraq/2015/May/22
• http://www.securitytracker.com/id/1032238
• CWE-284: Improper Access Control