CVE-2012-2287
https://notcve.org/view.php?id=CVE-2012-2287
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
• http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html http://www.securityfocus.com/bid/55662 https://exchange.xforce.ibmcloud.com/vulnerabilities/78802
• CWE-287: Improper Authentication
CVE-2012-2288 – EMC NetWorker - Format String
https://notcve.org/view.php?id=CVE-2012-2288
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
• https://www.exploit-db.com/exploits/22525 http://archives.neohapsis.com/archives/bugtraq/2012-08/0219.html http://www.securityfocus.com/bid/55330 http://www.securitytracker.com/id?1027459
• CWE-134: Use of Externally-Controlled Format String
CVE-2012-2285
https://notcve.org/view.php?id=CVE-2012-2285
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.
• http://archives.neohapsis.com/archives/bugtraq/2012-08/0184.html http://osvdb.org/85050 http://secunia.com/advisories/50393 http://www.securitytracker.com/id?1027448 https://exchange.xforce.ibmcloud.com/vulnerabilities/78110
• CWE-287: Improper Authentication
CVE-2012-2289 – EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2289
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WxSuperCtrl650.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files inside arbitrary locations.
• http://archives.neohapsis.com/archives/bugtraq/2012-08/0168.html http://www.securitytracker.com/id?1027442
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2283
https://notcve.org/view.php?id=CVE-2012-2283
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2012-08/0056.html