CVE-2011-1744
https://notcve.org/view.php?id=CVE-2011-1744
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.
• http://securityreason.com/securityalert/8319 http://www.securityfocus.com/archive/1/519010/100/0/threaded
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-1743
https://notcve.org/view.php?id=CVE-2011-1743
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://securityreason.com/securityalert/8319 http://www.securityfocus.com/archive/1/519010/100/0/threaded
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1741 – EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1741
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bundled implementation of OpenText's HummingBird Connector. When parsing a particular packet received from a TCP connection, the application will attempt to copy part of the packet's contents into a buffer located on the stack.
• http://securityreason.com/securityalert/8311 http://securitytracker.com/id?1025790 http://www.securityfocus.com/archive/1/518897/100/0/threaded http://www.securityfocus.com/archive/1/518913/100/0/threaded http://www.securityfocus.com/bid/48712 http://www.zerodayinitiative.com/advisories/ZDI-11-236
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1424
https://notcve.org/view.php?id=CVE-2011-1424
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
• http://securityreason.com/securityalert/8258 http://www.securityfocus.com/archive/1/518003/100/0/threaded
• CWE-16: Configuration
CVE-2011-1423
https://notcve.org/view.php?id=CVE-2011-1423
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://securityreason.com/securityalert/8242 http://www.securityfocus.com/archive/1/517763/100/0/threaded http://www.securityfocus.com/bid/47642 https://exchange.xforce.ibmcloud.com/vulnerabilities/67210
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')