CVSS: 10.0EPSS: 91%CPEs: 7EXPL: 0CVE-2012-0409 – EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0409
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. Múltiples desbordamientos de búfer en EMC AutoStart v5.3.x y v5.4.x antes de v5.4.3, permite a atacantes remotos causar una denegación de servicio (caída del agente) o posiblemente ejecutar código arbitrario a través de paquetes manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. • http://www.securityfocus.com/archive/1/522835 http://www.securityfocus.com/bid/53682 http://www.securitytracker.com/id?1027100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 6%CPEs: 2EXPL: 2CVE-2012-2276 – EMC IRM License Server 4.6.1.1995 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-2276
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. El servidor de IRM en EMC EMC Documentum Information Rights Management v4.x anterior a v4.7.0100 y v5.x anterior a v5.0.1030, permite a atacantes remotos provocar una denegación de servicio (eliminar la referencia del puntero NULL y caída demonio) a través de los datos de entrada (1) que carece de FIPS campos o (2) tiene un número de versión no válido. • https://www.exploit-db.com/exploits/18734 http://aluigi.org/adv/irm_1-adv.txt http://secunia.com/advisories/48690 http://www.exploit-db.com/exploits/18734 http://www.securityfocus.com/archive/1/522682 http://www.securityfocus.com/bid/53475 http://www.securitytracker.com/id?1027058 https://exchange.xforce.ibmcloud.com/vulnerabilities/75553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 2CVE-2012-2277 – EMC IRM License Server 4.6.1.1995 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-2277
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands. El Server IRM en EMC Documentum Information Rights Management v4.x anterior a v4.7.0100 y v5.x anterior a v5.0.1030, permite a atacantes remotos provocar una denegación de servicio (cuelgue del proceso pvcontrol.exe ) a través de un salto de línea (\n) en los campos ID de muchos comandos "batch begin untethered" • https://www.exploit-db.com/exploits/18734 http://aluigi.org/adv/irm_1-adv.txt http://secunia.com/advisories/48690 http://www.exploit-db.com/exploits/18734 http://www.securityfocus.com/archive/1/522682 http://www.securityfocus.com/bid/53475 http://www.securitytracker.com/id?1027058 https://exchange.xforce.ibmcloud.com/vulnerabilities/75554 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 2CVE-2012-0407 – EMC Data Protection Advisor 5.8.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0407
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. Desbordamiento de entero en la biblioteca DPA_Utilities de EMC Data Protection Advisor (DPA) v5.5 a v5.8 SP1 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un valor de 64-bits negativo en un determinado campo 'tamaño'. • https://www.exploit-db.com/exploits/18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt http://www.exploit-db.com/exploits/18688 http://www.securityfocus.com/archive/1/522408/30/0/threaded http://www.securitytracker.com/id?1026956 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 3CVE-2012-0406 – EMC Data Protection Advisor 5.8.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0406
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. La función de DPA_Utilities.cProcessAuthenticationData de EMC Data Protection Advisor (DPA) v5.5 a v5.8 SP1 permite a atacantes remotos causar una denegación de servicio (desreferencia de puntero NULL y caída del demonio) a través de un comando AUTHENTICATECONNECTION que (1) carece de un campo de contraseña o (2) tiene una contraseña vacía. • https://www.exploit-db.com/exploits/18688 http://aluigi.altervista.org/adv/dpa_1-adv.txt http://www.exploit-db.com/exploits/18688 http://www.securityfocus.com/archive/1/522408/30/0/threaded http://www.securitytracker.com/id?1026956 • CWE-264: Permissions, Privileges, and Access Controls •