CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0942
https://notcve.org/view.php?id=CVE-2013-0942
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en EMC RSA Authentication Agent 7.1 anterior a 7.1.1 en IIS, y 7.1 anterior a 7.1.1 para Apache, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0043.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 1CVE-2013-0946 – EMC AlphaStor Library Manager 0x4f Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0946
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. Desbordamiento de búfer en el Library Control Program (LCP) en EMC AlphaStor v4.0 anterior al build 910 permite a atacantes remotos ejecutar código arbitrario mediante comandos especialmente diseñados. This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Library Manager (robotd.exe) which listens by default on port 3500. When parsing the 0x4f command, the process copies an arbitrary user supplied string into fixed sized buffers. • https://www.exploit-db.com/exploits/42719 http://archives.neohapsis.com/archives/bugtraq/2013-05/0035.html http://www.securityfocus.com/bid/59794 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0939
https://notcve.org/view.php?id=CVE-2013-0939
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue. EMC Documentum Webtop anterior a v6.7 SP2, Documentum WDK anterior a v6.7 SP2, Documentum Taskspace anterior a v6.7 SP2, y Documentum Records Manager anterior a v6.7 SP2 permite a atacantes remotos obtener información sensible a traves de vectores que comprenden frames "cross-origin", relacionado con un problema "Cross Frame Scripting". • http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0937
https://notcve.org/view.php?id=CVE-2013-0937
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en EMC Documentum Webtop anterior a v6.7 SP2, Documentum WDK anterior a v6.7 SP2, Documentum Taskspace anterior a v6.7 SP2, y Documentum Records Manager anterior a v6.7 SP2 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0938
https://notcve.org/view.php?id=CVE-2013-0938
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en EMC Documentum Webtop anterior a v6.7 SP2, Documentum WDK anterior a v6.7 SP2, Documentum Taskspace anterior a v6.7 SP2, y Documentum Records Manager anterior a v6.7 SP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •