CVE-2013-6181
https://notcve.org/view.php?id=CVE-2013-6181
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.
• http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html
  http://packetstormsecurity.com/files/124585/EMC-Watch4net-Information-Disclosure.html
  http://www.securityfocus.com/bid/64517
  http://www.securitytracker.com/id/1029535
• CWE-310: Cryptographic Issues
CVE-2013-6178
https://notcve.org/view.php?id=CVE-2013-6178
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2013-12/0120.html
  http://www.securitytracker.com/id/1029523
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-6810 – EMC Connectrix Manager Converged Network Edition inmservlets.war SoftwareFileUploadMoreInfoServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-6810
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
The server in EMC Connectrix Manager Converged Network Edition (CMCNE) 11.2.1, 12.0.1, and 12.0.3 allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'SoftwareFileUploadMoreInfoServlet', which allows an unauthenticated user to copy any file to an arbitrary location on the server. When combined with information disclosure vulnerabilities, an attacker can leverage this directory traversal vulnerability into arbitrary code execution on the compromised server in the security context of the Administrator account.
• https://www.exploit-db.com/exploits/42702
  https://www.exploit-db.com/exploits/42701
  http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html
  http://marc.info/?l=bugtraq&m=138723620521347&w=2
  http://secunia.com/advisories/56143
  http://www.attrition.org/pipermail/vim/2014-January/002755.html
  http://www.securitytracker.com/id/1029485
  http://www.zerodayinitiative.com/advisories/ZDI-13-283
  https://exchange.xforce.ibmcloud.com/vulnerabilities/90728
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-6180
https://notcve.org/view.php?id=CVE-2013-6180
EMC RSA Security Analytics (SA) 10.x before 10.3 and RSA NetWitness NextGen 9.8 do not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
• http://archives.neohapsis.com/archives/bugtraq/2013-12/0034.html
  http://www.securitytracker.com/id/1029446
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-3288
https://notcve.org/view.php?id=CVE-2013-3288
Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
• http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')