
CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. • http://www.cr-labs.com/publications/SiteKey-20060718.pdf http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf •

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." • http://www.cr-labs.com/publications/SiteKey-20060718.pdf http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf http://www.networkworld.com/newsletters/sec/2007/0402sec2.html •

CVSS: 10.0 | EPSS: 6% | CPEs: 1 | EXPL: 0

The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands. • ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt http://osvdb.org/33853 http://secunia.com/advisories/24362 http://www.kb.cert.org/vuls/id/498553 http://www.kb.cert.org/vuls/id/MIMG-6VMLWA http://www.securityfocus.com/bid/22789 http://www.securitytracker.com/id?1017724 http://www.vupen.com/english/advisories/2007/0816 •

CVSS: 7.5 | EPSS: 84% | CPEs: 4 | EXPL: 0

Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. • http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9511 http://secunia.com/advisories/20080 http://securitytracker.com/id?1016063 http://securitytracker.com/id?1016136 http://www.acrossecurity.com/aspr/ASPR-2006-05-17-1-PUB.txt http://www.kb.cert.org/vuls/id/186944 http://www.securityfocus.com/archive/1/434726/100/0/threaded http://www.securityfocus.com/bid/17948 http://www.securityfocus.com/bid/18064 http://www.vupen.com/english/advisories/2006/1766 https& •

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. • http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324 http://secunia.com/advisories/19850 http://www.securityfocus.com/bid/17798 http://www.vupen.com/english/advisories/2006/1612 https://exchange.xforce.ibmcloud.com/vulnerabilities/26226 •