CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2503
https://notcve.org/view.php?id=CVE-2014-2503
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string. El servidor proxy en miniatura en EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5 y 6.5 SP6 anterior a P13 permite a atacantes remotos realizar ataques de inyección Documentum Query Language (DQL) y evadir restricciones en objetos de consulta a través de un parámetro manipulado en una cadena de consulta. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html http://www.securityfocus.com/bid/67868 http://www.securitytracker.com/id/1030348 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2502
https://notcve.org/view.php?id=CVE-2014-2502
Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en rsa_fso.swf en EMC RSA Adaptive Authentication (Hosted) 11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0012.html http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html http://www.securityfocus.com/bid/67792 http://www.securitytracker.com/id/1030323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2014-0639
https://notcve.org/view.php?id=CVE-2014-0639
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en EMC RSA Archer 5.x anterior a GRC 5.4 SP1 P3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html http://www.securityfocus.com/bid/67602 http://www.securitytracker.com/id/1030281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2504
https://notcve.org/view.php?id=CVE-2014-2504
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method. EMC Documentum D2 3.1 anterior a P20, 3.1 SP1 anterior a P02, 4.0 anterior a P10, 4.1 anterior a P13 y 4.2 anterior a P01 permite a usuarios remotos autenticados evadir restricciones de acceso y ejecutar consultas de Documentum Query Language (DQL) arbitrarias mediante la llamada de (1) un método de núcleo o (2) un método de servicio web D2FS. • http://archives.neohapsis.com/archives/bugtraq/current/0130.html http://secunia.com/advisories/58938 http://www.securitytracker.com/id/1030282 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0643
https://notcve.org/view.php?id=CVE-2014-0643
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. EMC RSA NetWitness anterior a 9.8.5.19 y RSA Security Analytics anterior a 10.2.4 y 10.3.x anterior a 10.3.2, cuando Kerberos PAM está habilitado, no requieren una contraseña, lo que permiten a atacantes remotos evadir autenticación mediante el aprovechamiento de conocimiento de un nombre de cuenta válido. • http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html • CWE-287: Improper Authentication •