CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-0944
https://notcve.org/view.php?id=CVE-2013-0944
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. El interfaz basada en web file-restore en EMC Avamar Server anterior a v6.1.0 permite a usuarios remotos autenticados leer archivos arbitrarios a través de una URL especialmente diseñada. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0012.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2717
https://notcve.org/view.php?id=CVE-2013-2717
Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other third-party components. Múltiples vulnerabilidades sin especificar en el System Management (también conocido como SysAdmin) Console en EMC Smarts Network Configuration Manager (NCM) hasta v9.2 tienen un impacto desconocido y vectores de ataque, una cuestión diferente a CVE-2013-0935. NOTA: esto puede superponerse CVEs para los componentes del servidor de código abierto o de otros componentes de terceros. • http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0936
https://notcve.org/view.php?id=CVE-2013-0936
Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smarts MPLS Manager before 9.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager ,Smarts VoIP Availability Manager, Smarts Network Protocol Manager, y Smarts MPLS Manager antes de v9.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través una URL diseñada • http://archives.neohapsis.com/archives/bugtraq/2013-03/0152.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0935
https://notcve.org/view.php?id=CVE-2013-0935
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. EMC Smarts Network Configuration Manager (NCM) anterior v9.2 no requiere autenticación para todo los métodos de llamada Java RMI, que permite ataques remotos ejecutando código arbitrario a través de vectores sin especificar. • http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2292
https://notcve.org/view.php?id=CVE-2012-2292
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. La política Silverlight cross-domain en EMC RSA Archer SmartSuite Framework v4.x y vRSA Archer GRC v5.x anterior a v5.2SP1 no restringe el acceso a la aplicación Archer, lo que permite a atacantes remotos eludir el Same Origin Policy mediante vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html • CWE-264: Permissions, Privileges, and Access Controls •