
Files

EMC Data Protection Advisor Denial Of Service
Posted Apr 19, 2012
Site emc.com

EMC Data Protection Advisor (DPA) contains vulnerabilities that can potentially be exploited by malicious users to cause denial of service.

tags | advisory, denial of service, vulnerability
advisories | CVE-2012-0406, CVE-2012-0407
SHA-256 | e93e8f6daaaf175e61291a89a77cb04b5b8f20c9b8728903f3742f9f8c6eab80

Related Files

Dell EMC Data Protection Advisor XML Injection
Posted Aug 6, 2018
Site emc.com

Dell EMC Data Protection Advisor, versions 6.4 through 6.5, contains an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

tags | advisory, remote, denial of service
advisories | CVE-2018-11048
SHA-256 | 7262794bbeb917e7e2c99abb41baa2f271a39f4c1762b712654d0947ea15b677

Dell EMC Data Protection Advisor Hardcoded Password
Posted Mar 8, 2018
Site emc.com

Dell EMC Data Protection Advisor contains a database account with a hardcoded password that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 6.3 Patch 159 and versions prior to 6.4 Patch 110 are affected.

tags | advisory
advisories | CVE-2018-1206
SHA-256 | 5a9e83b3a0095cc39669b172670d29f7a2040acff176d21f4aa2f9d6f4892ef9

EMC Data Protection Advisor Hardcoded Password
Posted Sep 16, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions 6.3.x and 6.4.x are affected.

tags | advisory
advisories | CVE-2017-8013
SHA-256 | 3aaf4121fb9b0575cdcc672569f79fb79ba6e1a12da1241bda5dcdda2198838c

EMC Data Protection Advisor SQL Injection / Path Traversal
Posted Jul 7, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor versions prior to 6.4 suffer from remote SQL injection and path traversal vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2017-8002, CVE-2017-8003
SHA-256 | 05cb312b3d51461c4a374866f6a1305114602a8066f88e5c75ce51159ee2643d

EMC Data Protection Advisor Path 6.x Path Traversal
Posted Jan 28, 2017
Site emc.com

EMC Data Protection Advisor contains a fix for a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions 6.1.x, 6.2, 6.2.1, 6.2.2, and 6.2.3 prior to patch 446 are affected.

tags | advisory
advisories | CVE-2016-8211
SHA-256 | 1399b4c25d75885ede6ffe39eddd5e40f0959f9e9f7b40269343455100f526fb

EMC Data Protection Advisor Remote Code Execution
Posted Dec 10, 2013
Authored by rgod | Site retrogod.altervista.org

EMC Data Protection Advisor version 5.8 sp5 suffers from a DPA Illuminator EJBInvokerServlet remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
SHA-256 | bec0bb61454387d713dc7ce4ade6cefcbc27df7b553ab6873ee83cad51e2a1c6

RSA Authentication Agent For Pam Unlimited Login Attempts
Posted Aug 20, 2013
Site emc.com

RSA Authentication Agent for PAM version 7.0.2 and prior relied on the PAM-enabled application to restrict the number of login attempts that may be made via the agent, rather than natively enforcing such restriction. This may allow attackers to carry out brute-force attacks against the vulnerable systems. RSA Authentication Agent for PAM 7.0.2.1 and 7.1 and later support an Exponential Backoff feature that is designed to mitigate this vulnerability.

tags | advisory
advisories | CVE-2013-3271
SHA-256 | 5d2b0b116fffb0415c9496b8b68a5ca4291750689707dd97470b6c058b7b9bde

EMC NetWorker Information Disclosure
Posted Jul 29, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could allow exposure of certain sensitive configuration information under specific circumstances. Versions affected include EMC NetWorker 8.0.0.x, 8.0.1.x, and 7.6.x.x.

tags | advisory
advisories | CVE-2013-0943
SHA-256 | 9dec0bf3a8508498074bb32c9d7dcad0227b5a46110ee20ca656d7dbb5260323

EMC Replication Manager Information Disclosure
Posted Jul 6, 2013
Site emc.com

Encoded passwords were recorded in EMC Replication Manager log files prior to version 5.4.4. This could potentially be exploited by a malicious user to access vulnerable systems.

tags | advisory
advisories | CVE-2013-3272
SHA-256 | dc04f8a98ba358c5213b178568e4bb5f3d4760eec0fc59330ab5aa99bdd19f4d

RSA Authentication Manager Information Disclosure
Posted Jul 6, 2013
Site emc.com

If the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager with trace logging set to verbose, the administrative account password used by the custom application appears in the trace log file as clear text. Affected products include RSA Authentication Manager version 7.1 and 8.0.

tags | advisory
advisories | CVE-2013-3273
SHA-256 | f9d14eb305ff9ba19dd614f9f03a38fe1e6c49746ddcebc66e23f188e1a07e4c

RSA BSAFE SSL-C SSL/TLS Plaintext Recovery
Posted Jun 20, 2013
Site emc.com

RSA BSAFE SSL-C version 2.8.7 contains a patch that is designed to help ensure that MAC checking is time invariant in servers in order to mitigate Lucky Thirteen attacks.

tags | advisory
advisories | CVE-2013-0169
SHA-256 | 3705ff404e79e528a1d4c4f3b3ef61d1564a3c5b98e8c1e65707ec6fa9ccf3b9

RSA BSAFE SSL-J BEAST / Lucky Thirteen
Posted Jun 19, 2013
Site emc.com

RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain updates designed to prevent BEAST attacks and SSL/TLS Plaintext Recovery (aka Lucky Thirteen) attacks.

tags | advisory
advisories | CVE-2013-0169, CVE-2011-3389
SHA-256 | c4c500343555b143f39e0055e4ce990a4e2809cae8e525b10d41140c0a9e374e

RSA BSAFE SSL/TLS Plaintext Recovery
Posted Jun 19, 2013
Site emc.com

Researchers have discovered a weakness in the handling of CBC cipher suites in SSL, TLS and DTLS for RSA BSAFE Micro Edition Suite for all versions outside of 4.0.3 and 3.2.5. The Lucky Thirteen attack exploits timing differences arising during MAC processing. Vulnerable implementations do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

tags | advisory, remote
advisories | CVE-2013-0169
SHA-256 | 63d67971616d756f9a24527aece917f871801037a08e76de35be02323baa702a

RSA Authentication Manager 8.0 Injection / Disclosure
Posted May 29, 2013
Site emc.com

RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2013-0947, CVE-2013-1899
SHA-256 | 51025b283bf7b06aa4e48a2045497a92ea112092445f55c38c3447b5bb77e3c5

RSA SecurID Sensitive Information Disclosure
Posted May 16, 2013
Site emc.com

The node secret in various RSA products was stored using an encryption key and encryption algorithm that is no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications.

tags | advisory
advisories | CVE-2013-0941
SHA-256 | ec2e53ead8f95b16862d03dec8d43560ce99aebd13724101d98dc9ab2a022eba

EMC VNX / Celerra Control Station Privilege Escalation
Posted May 16, 2013
Authored by Doug DePerry | Site emc.com

A vulnerability exists in EMC VNX and EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system.

tags | advisory
advisories | CVE-2013-3270
SHA-256 | 61f490788c1fe52f910e20b8939b8105eaae8a31ecc8dcc9109db760deb50fbc

RSA Authentication Agent 7.1 Cross Site Scripting
Posted May 10, 2013
Site emc.com

A cross site scripting vulnerability could potentially be exploited by a malicious attacker for conducting scripting attacks in RSA Authentication Agent. The vulnerability could be exploited by getting an authenticated user to click on specially-crafted links that a malicious attacker can embed within an e-mail message, web page, or other source. This may lead to execution of malicious HTML requests or scripts in the context of the authenticated user.

tags | advisory, web, xss
advisories | CVE-2013-0942
SHA-256 | 60c2408d2fe62788b2cbc510da0866dd0087c1d236f7ee0f72f7e8c309d66045

EMC AlphaStor 4.0 Build 116 Buffer Overflow
Posted May 9, 2013
Site emc.com

A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2013-0946
SHA-256 | 404c2ed57cf66622d085924cf32617827a359da5b06dc524e83d1ec35939780f

EMC Documentum XSS / Session Fixation
Posted May 9, 2013
Site emc.com

Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user. A session fixation vulnerability could potentially be exploited by an unauthorized user to gain privileges to perform actions as a valid user by utilizing techniques to steal or gain access to an authenticated session. A cross-site scripting vulnerability could potentially be exploited for conducting malicious scripting by getting an authenticated user to click on specially-crafted links maliciously embedded within an email, web page or other source. This may lead to execution of malicious HTML requests or scripts in the context of the authenticated user. A cross-frame scripting vulnerability could potentially be exploited by an attacker to steal sensitive information by inducing the authenticated user to navigate to a web page the attacker controls.

tags | advisory, web, vulnerability, xss
advisories | CVE-2013-0938, CVE-2013-0939, CVE-2013-0937
SHA-256 | 2e4b137f4062d82c49c23eb897561e7f7972d3850a1d59e1a82bc1f0f78a1318

RSA Archer GRC 5.x XSS / Shell Upload
Posted May 6, 2013
Site emc.com

RSA Archer GRC version 5.x suffers from improper authorization, remote shell upload, and cross site scripting vulnerabilities.

tags | advisory, remote, shell, vulnerability, xss
advisories | CVE-2013-0932, CVE-2013-0933, CVE-2013-0934
SHA-256 | 6a8a5e91e1b57ce0408f1ab97e52945082afdc7c31d4610a7ee64b7b5f03ed2e

EMC NetWorker 8.0.1.3 / 7.6.5.2 Privilege Escalation
Posted May 2, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could result in elevation of privileges by an unauthorized user who has access to a local file system.

tags | advisory, local
advisories | CVE-2013-0940
SHA-256 | 21da0d56fc3b459c3fa2d684fcf9ac54f5b7a89e341c5dd97585db7581f7a7d0

EMC Avamar Client Improper Certificate Validation
Posted May 2, 2013
Site emc.com

When server-to-client certificate-based authentication is configured, the EMC Avamar Client does not correctly validate the values in the Common Name (CN) and Subject Alternative Name (SAN) fields of the Avamar Server certificate. This could potentially allow spoofing attacks. Versions 6.x and below are affected.

tags | advisory, spoof
advisories | CVE-2013-0945
SHA-256 | 61fee8be51b3f53990f46d2a359d8c0c700dc535d88c28590e9315c215016a62

EMC Avamar Improper Authorization
Posted May 2, 2013
Site emc.com

A vulnerability in the EMC Avamar web based file restore interface could potentially be exploited by a malicious user to access unauthorized files via URL manipulation.

tags | advisory, web
advisories | CVE-2013-0944
SHA-256 | 56dd170b8779011adb569379bb521510fc1abe54526340b3f07db8d83fae1865

EMC Smarts Product Cross Site Scripting
Posted Mar 28, 2013
Site emc.com

EMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.

tags | advisory, xss
advisories | CVE-2013-0936
SHA-256 | 883d4810ac2c6054019ce2ac8a31a3711e9315ccc3a0dc8dd3c1d89e8cf6b06d

EMC Smarts NCM Improper Authentication
Posted Mar 27, 2013
Site emc.com

EMC Smarts Network Configuration Manager (NCM) version 9.2 contains a fix for a vulnerability that could allow a malicious user to call certain supported Java Remote Method Invocation methods remotely without authentication. In addition, the NCM System Management (SysAdmin) Console has known security vulnerabilities, and EMC strongly advises customers to disable and not use this console until there is an alternative solution from EMC.

tags | advisory, java, remote, vulnerability
advisories | CVE-2013-0935
SHA-256 | 0874e51f0ca690050aecbd9f317a22a366230b83c340be3b95f6baca5690e1b0