CVE-2012-2293
https://notcve.org/view.php?id=CVE-2012-2293
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.
• http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-1064
https://notcve.org/view.php?id=CVE-2012-1064
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2294
https://notcve.org/view.php?id=CVE-2012-2294
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
• http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html
• CWE-20: Improper Input Validation
CVE-2013-0930 – EMC AlphaStor Device Manager 0x41 Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0930
Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.
This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager (rrobotd.exe) which listens by default on port 3000. When parsing the 0x41 command, the process creates a file path using user-supplied data which can exceed the size of the stack buffer used, allowing an attacker partial control over memory.
• http://archives.neohapsis.com/archives/bugtraq/2013-01/0115.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2291
https://notcve.org/view.php?id=CVE-2012-2291
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, use world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
• http://archives.neohapsis.com/archives/bugtraq/2013-01/0086.html
• CWE-264: Permissions, Privileges, and Access Controls