CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-2278
https://notcve.org/view.php?id=CVE-2012-2278
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en (1) Self-Service Console y (2) Security Console en EMC RSA Authentication Manager v7.1 anterior a SP4 P14 y RSA SecurID Appliance v3.0 anterior a SP4 P14, permite a atacantes remotos inyectar código arbitrario o HTML mediante vectores deconocidos. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2012-2280
https://notcve.org/view.php?id=CVE-2012-2280
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." EMC RSA Authentication Manager v7.1 anterior a SP4 y RSA SecurID Appliance v3.0 anterior a SP4 P14 no utiliza correctamente los marco (frames), permitiendo a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionados con "vulnerabilidad de secuencias de "frames" cruzados" • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2012-2279
https://notcve.org/view.php?id=CVE-2012-2279
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta ("open redirect") en el Security Console en EMC RSA Authentication Manager v7.1 anterior a SP4 P14 y RSA SecurID Appliance v3.0 anterior a SP4 P14 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2012-2282
https://notcve.org/view.php?id=CVE-2012-2282
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. EMC Celerra Network Server v6.x anterior a v6.0.61.0, VNX 7.x anterior a v7.0.53.2, y VNXe v2.0 y v2.1 anterior a v2.1.3.19077 (también conocido como MR1 SP3.2) y v2.2 anterior a v2.2.0.19078 (también conocido como MR2 SP0.2) no aplica correctamente el control de acceso NFS, lo que permite a usuarios remotos autenticados leer o modificar archivos a través de un NFSv2 (1), (2) NFSv3, o (3) solicitud de NFSv4. • http://archives.neohapsis.com/archives/bugtraq/2012-07/0063.html http://www.securitytracker.com/id?1027242 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 95%CPEs: 12EXPL: 2CVE-2012-2515
https://notcve.org/view.php?id=CVE-2012-2515
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. Múltiples desbordamientos de búfer en el control ActiveX KeyHelp.KeyCtrl.1 en KeyHelp.ocx v1.2.312 en KeyWorks KeyHelp Module (también conocido como el componente HTML Help), tal como se utiliza en EMC Documentum ApplicationXtender Desktop v5.4; EMC Captiva Quickscan Pro v4.6 SP1; GE Intelligent Platforms Proficy Historian v3.1, v3.5, v4.0 y v4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX v5.0 y v5.1; Proficy Pulse v1,0; Proficy Batch Execution v5,6, SI7 ??E/S Driverv 7.20 hasta 7.42, y otros productos, permite a atacantes remotos ejecutar código de su elección a través de una larga cadena en el segundo argumento del método (1) JumpMappedID o (2) JumpURL. • http://retrogod.altervista.org/9sg_emc_keyhelp.html http://secunia.com/advisories/36905 http://secunia.com/advisories/36914 http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf http://www.securityfocus.com/bid/36546 http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf http://www.vupen.com/english/advisories/2009/2793 http://www.vupen.com/english/advisories& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •