CVE-2016-0895
https://notcve.org/view.php?id=CVE-2016-0895
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de elementos del sitio web con transparencia u opacidad manipuladas. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-20: Improper Input Validation •
CVE-2016-0894
https://notcve.org/view.php?id=CVE-2016-0894
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a usuarios autenticados remotos eludir restricciones destinadas al acceso de objetos a través de un parámetro modificado. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-254: 7PK - Security Features •
CVE-2016-0893
https://notcve.org/view.php?id=CVE-2016-0893
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a usuarios autenticados remotos obtener información sensible leyendo mensajes de error. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-0892
https://notcve.org/view.php?id=CVE-2016-0892
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en EMC RSA Data Loss Prevention 9.6 en versiones anteriores a SP2 P5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •