CVE-2016-3063
https://notcve.org/view.php?id=CVE-2016-3063
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. Funciones múltiples en NetApp OnCommand System Manager en versiones anteriores a 8.3.2 no escapan adecuadamente de caracteres especiales, lo que permite a usuarios remotos autenticados ejecutar llamadas API arbitrarias a través de vectores no especificados. • https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager https://security.netapp.com/advisory/ntap-20160310-0004 • CWE-116: Improper Encoding or Escaping of Output •
CVE-2016-5047
https://notcve.org/view.php?id=CVE-2016-5047
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. NetApp OnCommand System Manager 8.3.x en versiones anteriores a 8.3.2P5 permite a usuarios remotos autenticados provocar una denegación de servicio a través de vectores no especificados. • http://kb.netapp.com/support/index?page=content&id=9010100 http://www.securityfocus.com/bid/92685 https://security.netapp.com/advisory/ntap-20160830-0001 •
CVE-2013-3321 – NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution
https://notcve.org/view.php?id=CVE-2013-3321
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. NetApp OnCommand System Manager versiones 2.1 y anteriores, permiten a atacantes remotos incluir archivos arbitrarios por medio de peticiones especialmente diseñadas en la página "diagnostic" utilizando el parámetro de ruta de registro SnapMirror. NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/84062 https://www.securityfocus.com/archive/1/526552 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2013-3320 – NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3320
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en NetApp OnCommand System Manager versiones anteriores a 2.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los campos "full-name" y "comment". NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities. • https://www.exploit-db.com/exploits/38507 https://www.exploit-db.com/exploits/38506 http://www.securityfocus.com/bid/59688 https://exchange.xforce.ibmcloud.com/vulnerabilities/84060 https://exchange.xforce.ibmcloud.com/vulnerabilities/84061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-3322 – NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution
https://notcve.org/view.php?id=CVE-2013-3322
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. NetApp OnCommand System Manager versión 2.1 y anteriores, permiten a atacantes remotos inyectar comandos arbitrarios en la interfaz Halt/Reboot. NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/84063 https://www.securityfocus.com/archive/1/526552 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •