CVE-2012-2292
https://notcve.org/view.php?id=CVE-2012-2292
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. La política Silverlight cross-domain en EMC RSA Archer SmartSuite Framework v4.x y vRSA Archer GRC v5.x anterior a v5.2SP1 no restringe el acceso a la aplicación Archer, lo que permite a atacantes remotos eludir el Same Origin Policy mediante vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-2293
https://notcve.org/view.php?id=CVE-2012-2293
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path. Vulnerabilidad de salto de directorio en EMC RSA Archer SmartSuite Framework v4.x y RSA Archer GRC v5.x antes de v5.2SP1 permite a usuarios remotos autenticados subir archivos, y por lo tanto ejecutar código arbitrario a través de una ruta relativa. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2012-1064
https://notcve.org/view.php?id=CVE-2012-1064
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiple vulnerabilidad de ejecución de secuencias de comandos en el sitio remoto (XSS) en EMC RSA Archer SmartSuite Framework v4.x y RSA Archer GRC v5.x antes de 5.2SP1 permitir a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2294
https://notcve.org/view.php?id=CVE-2012-2294
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. EMC RSA Archer SmartSuite Framework 4.x y RSA Archer GRC v5.x anterior a v5.2SP1 permite a atacantes remotos llevar a cabo ataques de clickjacking mediante una página web maliciosa. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html • CWE-20: Improper Input Validation •