
CVSS: 6.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

16 Oct 2017 — EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. • http://seclists.org/fulldisclosure/2017/Oct/34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2017 — RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. • http://seclists.org/fulldisclosure/2017/Oct/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Oct 2017 — EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Network Configuration Manager (NCM) is a... • http://seclists.org/fulldisclosure/2017/Oct/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Oct 2017 — RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. • http://seclists.org/fulldisclosure/2017/Oct/12 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Sep 2017 — EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC AppSync host plug-in on Windows platform includes a denial of s... • http://seclists.org/fulldisclosure/2017/Sep/75 • CWE-20: Improper Input Validation

CVSS: 9.0 • EPSS: 33% • CPEs: 1 • EXPL: 0

28 Sep 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code... • http://www.securityfocus.com/bid/101008 • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

15 Sep 2017 — EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges). • http://seclists.org/fulldisclosure/2017/Sep/36 • CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Sep 2017 — EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Appsync. Although authentication ... • http://seclists.org/fulldisclosure/2017/Sep/14 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Aug 2017 — An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. • https://support.lenovo.com/us/en/product_security/LEN-14390 • CWE-428: Unquoted Search Path or Element

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jul 2017 — In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. • http://seclists.org/fulldisclosure/2017/Jul/25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')