CVE-2014-0623
https://notcve.org/view.php?id=CVE-2014-0623
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0146.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2276 – EMC Connectrix Manager Converged Network Edition inmservlets.war FileUploadController Servlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-2276
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadController servlet which is part of inmservlets. This vulnerability allows an unauthenticated user to read an arbitrary file on the system. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html http://secunia.com/advisories/57513 http://www.securityfocus.com/bid/66308 http://www.securitytracker.com/id/1029939 https://exchange.xforce.ibmcloud.com/vulnerabilities/91987 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-0629
https://notcve.org/view.php?id=CVE-2014-0629
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation. • http://seclists.org/bugtraq/2014/Mar/33 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-0630
https://notcve.org/view.php?id=CVE-2014-0630
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. • http://seclists.org/bugtraq/2014/Mar/33 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-0624
https://notcve.org/view.php?id=CVE-2014-0624
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors. • http://seclists.org/bugtraq/2014/Mar/8