CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3286
https://notcve.org/view.php?id=CVE-2013-3286
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Múltiples vulnerabilidades de cross-site scripting (XSS) en EMC Documentum eRoom anterior a 7.4.4 P11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2013-3281
https://notcve.org/view.php?id=CVE-2013-3281
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. Vulnerabilidad Cross-site scripting (XSS) en EMC Documentum Webtop 6.7 SP2 anterior a P07, Documentum WDK 6.7 SP2 anterior a P07, Documentum TaskSpace anterior a 6.7 SP2 P07, Documentum Records Manager 6.7 SP2 anterior a P07, Documentum Web Publisher anterior a 6.5 SP7, Documentum Digital Asset Manager anterior a 6.5 SP6, Documentum Administrador anterior a 6.7 SP2 P07 y Documentum Capitales Proyects anterior a 1.8 P01 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro diseñado en una URL. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html http://www.kb.cert.org/vuls/id/466876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3285
https://notcve.org/view.php?id=CVE-2013-3285
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources. La NetWorker Management Console (NMC) de EMC NetWorker 8.0.x anterior a 8.0.2.3, cuando se utiliza Active Directory/LDAP para la autenticación, permite a los usuarios remotos autenticados descubrir las contraseñas de administrador en texto plano a través de (1) los informes de auditoría NMC sin especificar o (2) las solicitudes de recursos RAP. • http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html http://osvdb.org/99067 http://www.securityfocus.com/bid/63402 http://www.securitytracker.com/id/1029265 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3280
https://notcve.org/view.php?id=CVE-2013-3280
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash. EMC RSA Authentication Agent 7.1.x anteriores a 7.1.2 para Web para Internet Information Services tienes un diseño abierto a fallos, lo que permite a atacantes remotos sortear las restricciones de acceso a traves de vectores que producen un crash del agente. • http://archives.neohapsis.com/archives/bugtraq/2013-10/0115.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3279
https://notcve.org/view.php?id=CVE-2013-3279
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. EMC Atmos anterior a 2.1.4 tiene una contraseña en blanco para la cuenta de PostgreSQL, lo que permite a atacantes remotos obtener información administrativa sensible a través de una conexión al servidor de base de datos. • http://archives.neohapsis.com/archives/bugtraq/2013-10/0019.html • CWE-255: Credentials Management Errors •