5 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de elementos del sitio web con transparencia u opacidad manipuladas. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a usuarios autenticados remotos eludir restricciones destinadas al acceso de objetos a través de un parámetro modificado. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-254: 7PK - Security Features •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a usuarios autenticados remotos obtener información sensible leyendo mensajes de error. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.7EPSS: 0%CPEs: 3EXPL: 0

EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors. EMC RSA Data Loss Prevention (DLP) 9.x anterior a 9.6-SP2 no maneja debidamente sesiones, lo que permite a usuarios remotos autenticados ganar privilegios y evadir restricciones de lectura de contenido a través de vectores no especificados. • http://seclists.org/bugtraq/2014/Mar/8 •