Showing 26 - 50 of 100

Files

EMC Captiva Capture Sensitive Information Disclosure
Posted Feb 6, 2015
Site emc.com

A security fix for EMC Captiva Capture addresses a sensitive information disclosure vulnerability in which the password of a SQL user for the InputAccel (IA) database may be logged in plaintext within the DAL log files after the InputAccel Database (IADB) installation. Versions 7.0 and 7.1 are affected.

tags | advisory, info disclosure
advisories | CVE-2015-0519
SHA-256 | 9c9819d594e47ef65f0e9771171a6a1915e74cbae99e6c1440655eb02228e934

Related Files

EMC Avamar Improper Authorization
Posted May 2, 2013
Site emc.com

A vulnerability in the EMC Avamar web-based file restore interface could potentially be exploited by a malicious user to access unauthorized files via URL manipulation.

tags | advisory, web
advisories | CVE-2013-0944
SHA-256 | 56dd170b8779011adb569379bb521510fc1abe54526340b3f07db8d83fae1865
EMC Smarts Product Cross Site Scripting
Posted Mar 28, 2013
Site emc.com

EMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.

tags | advisory, xss
advisories | CVE-2013-0936
SHA-256 | 883d4810ac2c6054019ce2ac8a31a3711e9315ccc3a0dc8dd3c1d89e8cf6b06d
EMC Smarts NCM Improper Authentication
Posted Mar 27, 2013
Site emc.com

EMC Smarts Network Configuration Manager (NCM) version 9.2 contains a fix for a vulnerability that could allow a malicious user to call certain supported Java Remote Method Invocation methods remotely without authentication. In addition, the NCM System Management (SysAdmin) Console has known security vulnerabilities, and EMC strongly advises customers to disable and not use this console until there is an alternative solution from EMC.

tags | advisory, java, remote, vulnerability
advisories | CVE-2013-0935
SHA-256 | 0874e51f0ca690050aecbd9f317a22a366230b83c340be3b95f6baca5690e1b0
RSA Authentication Agent 7.1.1 Access Bypass
Posted Mar 1, 2013
Site emc.com

RSA Authentication Agent version 7.1.1 for Windows suffers from an issue where a user may incorrectly gain access to a desktop or a server.

tags | advisory
systems | windows
advisories | CVE-2013-0931
SHA-256 | 2f238efee7569fbed4654191f68bd99735eb85488927065675a4251d6a5453c0
RSA Archer GRC Traversal / Cross Site Scripting
Posted Feb 3, 2013
Authored by Nello Coppeto | Site emc.com

RSA Archer GRC versions prior to 5.3 and 5.2SP1 suffer from path traversal, cross site scripting, cross-domain policy, and clickjacking vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2012-2293, CVE-2012-2292, CVE-2012-1064, CVE-2012-2294
SHA-256 | 1f1226ddc6dffbd1dea484495b345b9778a28615df5e86d738faf5875fcb8ad3
EMC AlphaStor Buffer Overflow
Posted Jan 30, 2013
Authored by Aniway | Site emc.com

A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code. EMC AlphaStor version 4.0 prior to build 814 is affected.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2013-0930
SHA-256 | c72b06bd5f6d41e9b7fe14bee9a1a610ea2db6a5ca209ce7002b36f8b6c212ec
EMC Avamar Client Privilege Elevation
Posted Jan 21, 2013
Site emc.com

The affected Avamar client process runs as root and, after each backup, leaves the cache files world-readable and world-writable. While the cache files themselves do not contain sensitive information, when the parent directory is world-writable, the cache files could be used by an attacker to elevate privileges when a system-level backup is performed. The non-root user can create symbolic links to obtain unauthorized access to files on the affected system. Versions affected include EMC Avamar HP-UX Client 4.x, 5.x and 6.x, EMC Avamar Mac OS Client 4.x, 5.x and 6.x, and EMC Avamar Plugin for Oracle 4.x, 5.x and 6.x.

tags | advisory, root
systems | hpux
advisories | CVE-2012-2291
SHA-256 | 6d23b1eaba37b7441a5ae44384b647fe91db54567726e5da4f9dfce5acbcc994
EMC AlphaStor 4.0 Code Execution
Posted Jan 21, 2013
Authored by Aniway | Site emc.com

EMC AlphaStor version 4.0 prior to build 800 suffers from code execution and format string vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2013-0928, CVE-2013-0929
SHA-256 | e553b534252e9057c149a87cfdcee80ce12b2835916a738c969d3283215bdd6b
EMC NetWorker Buffer Overflow
Posted Jan 8, 2013
Site emc.com

EMC NetWorker provides some of its services through the SunRPC remote procedure call mechanism. One of these services, nsrindexd, which listens on a dynamic port, exposes a SunRPC interface. A buffer overflow vulnerability exists in this service that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code on the vulnerable system in the context of the affected application, commonly system. Affected products include EMC NetWorker 7.5.x and earlier, EMC NetWorker 7.6.4 and earlier, and EMC NetWorker 8.0.0.5 and earlier.

tags | advisory, remote, denial of service, overflow, arbitrary
advisories | CVE-2012-4607
SHA-256 | 94887bfb88a7ec768c8b3fa36fd375f356522df36424e97753aceb5368089b26
EMC Data Protection Advisor Information Disclosure
Posted Dec 24, 2012
Authored by rgod | Site emc.com

A vulnerability exists in EMC Data Protection Advisor that can potentially be exploited to gain unauthorized access to files and directories. The DPA Web UI contains a directory traversal vulnerability that could allow a remote unauthenticated malicious user to copy and read files from the affected system. The vulnerability does not allow an attacker to modify existing files or upload new files to the affected system. If recommended practice is followed and the DPA server processes run as an unprivileged user, these files will be limited to the DPA installation directory. The DPA installation directory may contain files with sensitive system information.

tags | advisory, remote, web
advisories | CVE-2012-4616
SHA-256 | 28deb0615da041d54123c8dd033b6abe48f3fe792e845006fbe90f62c15a6b9d
RSA NetWitness Informer Cross-Site Request Forgery / Clickjacking
Posted Dec 3, 2012
Site emc.com

The RSA NetWitness Informer web interface is susceptible to cross-site request forgery and clickjacking vulnerabilities. These vulnerabilities could potentially be exploited by malicious people who trick an authenticated user into clicking on specially crafted links. This may lead to execution of malicious HTML requests or scripts in the context of the authenticated user.

tags | advisory, web, vulnerability, csrf
advisories | CVE-2012-4609, CVE-2012-4608
SHA-256 | b6d54fe5f7c5efb6f5d469907c68a4b13c5efd425ec3b44cd3e72044822b1111
RSA Adaptive Authentication (On-Premise) 6.x XSS
Posted Nov 27, 2012
Site emc.com

RSA Adaptive Authentication (On-Premise) version 6.x contains cross site scripting vulnerabilities that could be exploited by malicious users.

tags | advisory, vulnerability, xss
advisories | CVE-2012-4611
SHA-256 | 84f8cf21f7e1dfc3a155bca1ff11ed500da27015edcbfdf7f394bf6e738444f1
EMC Smarts Network Configuration Manager Bypass
Posted Nov 26, 2012
Site emc.com

EMC Smarts Network Configuration Manager versions prior to 9.1 suffer from hard-coded encryption key and unauthenticated database connection vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4615
SHA-256 | 439bbcd4a69b43b581354b97da8d2fc1d0f95a1a7e8f113e8b824661c159e743
RSA Data Protection Manager XSS / Broken Restriction
Posted Nov 13, 2012
Site emc.com

RSA Data Protection Manager is susceptible to vulnerabilities that could potentially be exploited by malicious users to compromise affected systems. These include a cross site scripting vulnerability and improper restriction of authentication attempts for OS-level user accounts.

tags | advisory, vulnerability, xss
advisories | CVE-2012-4612, CVE-2012-4613
SHA-256 | 3cb801677b567bb3d98b09a0716b18ba0be64f9acfcb404b730a7960ec1a21dd
EMC Avamar Client For VMware Information Disclosure
Posted Oct 29, 2012
Site emc.com

The Avamar Server root user password is stored in plain text on the Avamar VMware proxy client. This could allow a malicious user with network access to the proxy client and the Avamar Server to gain privileged access to the Avamar Server.

tags | advisory, root
advisories | CVE-2012-4610
SHA-256 | 42555590e2ec1eaa4ed0e58462ba49dc8fd26c16852f27e2bdf6f80bb817912e
EMC NMM Arbitrary Code Execution
Posted Oct 12, 2012
Site emc.com

Vulnerabilities exist in EMC NMM that could potentially be exploited by a malicious user to execute arbitrary code. Also, there is a risk that sensitive information could be disclosed under specific circumstances described in the details below.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-2290, CVE-2012-2284
SHA-256 | e578dd03321c59fbe78efe605f063204a71d4d6faaa23ba7cf3acc4f001878eb
RSA Adaptive Authentication Information Disclosure
Posted Oct 9, 2012
Site emc.com

RSA Adaptive Authentication (On-Premise) version 6.0.2.1 contains a vulnerability that can potentially lead to sensitive information disclosure.

tags | advisory, info disclosure
advisories | CVE-2012-2286
SHA-256 | 45674765cbf3713028457ca019660d3802462a301c80e1753fd03db1ced6a6d5
RSA Authentication Agent 7.1 / Client 3.5 Access Control
Posted Sep 24, 2012
Site emc.com

Under some configuration conditions, a user of RSA Authentication Agent 7.1 for Windows or RSA Authentication Client who has privilege to access a desktop or a server is incorrectly able to do so with only Windows credentials.

tags | advisory
systems | windows
advisories | CVE-2012-2287
SHA-256 | f7e6f89bb7f058badfe44bd757c183a27eabcd20a897cd05a00c89eac29f3ed8
RSA BSAFE SSL-C 2.8.6 BEAST / Buffer Overflow Fixes
Posted Sep 11, 2012
Site emc.com

RSA BSAFE SSL-C version 2.8.6 contains fixes designed to prevent BEAST attacks and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2011-3389, CVE-2012-2131, CVE-2012-2110
SHA-256 | 07866ead31523b9bb7ab72641a09d85bba54b75eb00d3fb5390de3d35846dc0e
RSA BSAFE Micro Edition Suite Security Update for BEAST Attacks
Posted Sep 11, 2012
Site emc.com

RSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks. SSLv3 and TLS v1.0 have a known vulnerability in how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the last ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plaintext encrypted with the same IV and key generates the same ciphertext, which is why having a variable IV is important. The BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice and inject some of their own plaintext data; when this new IV is used to encrypt the data, the attacker can guess the plaintext data one byte at a time.

tags | advisory
advisories | CVE-2011-3389
SHA-256 | 4e56495de2b69ef7d68078731b4a833e5b7e7e1fcf37eae6b23402acdfe8f530
EMC NetWorker Format String
Posted Aug 30, 2012
Authored by Aaron Portnoy | Site emc.com

A format string vulnerability exists in the EMC NetWorker nsrd RPC service that could potentially be exploited by a malicious user to execute arbitrary code. Versions 8.0, 7.6.4, and 7.6.3 are all affected.

tags | advisory, arbitrary
advisories | CVE-2012-2288
SHA-256 | 768328413795e6970904bc4833c2ec26daa72cde036884a7e4eaced57398951b
EMC Cloud Tiering Appliance (CTA) Authentication Bypass
Posted Aug 29, 2012
Site emc.com

A vulnerability in EMC Cloud Tiering Appliance, aka CTA (formerly EMC FMA), could allow an unauthorized user to log in to the affected system as a GUI user with full administrative privileges by providing a specifically crafted malicious file during the authentication process.

tags | advisory
advisories | CVE-2012-2285
SHA-256 | 2c43c7c48281d37bb99bd411cd0836d97db5bdcfd9ed523346b4148742d663fb
EMC ApplicationXtender Arbitrary File Upload
Posted Aug 25, 2012
Authored by rgod | Site emc.com

A vulnerability exists in EMC ApplicationXtender products that may allow an attacker to upload arbitrary files on affected systems. EMC ApplicationXtender Web Access .NET versions 6.5 P1 and earlier are affected.

tags | advisory, web, arbitrary
advisories | CVE-2012-2289
SHA-256 | 05558e946bc0f8828d03129cd3b05a4db3bb2be20fb984cd9203e15e11d34439
Iomega StorCenter/EMC Lifeline Remote Access
Posted Aug 9, 2012
Site emc.com

A vulnerability exists for Iomega network storage devices with EMC Lifeline firmware that can potentially be exploited to gain unauthorized access to remote shares in certain circumstances. If remote access (including port-forwarding) is enabled on affected Iomega devices, all created shares (including shares on connected USB devices) could potentially be accessed by unauthorized remote users or systems due to access control issues.

tags | advisory, remote
advisories | CVE-2012-2283
SHA-256 | 1751607ad763d8c3030dd46fa7360620eefb9a7f9ade9c9368211dd334e6edf7
RSA Authentication Manager 7.1 XSS / Open Redirection
Posted Jul 13, 2012
Site emc.com

RSA Authentication Manager version 7.1 suffers from cross site scripting and open redirection vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2012-2278, CVE-2012-2279, CVE-2012-2280
SHA-256 | 7b098ce8c358c50145c58f82d8298ac118b949396b3359fd82e5b28d210a7e2f
Page 2 of 4
© 2022 Packet Storm. All rights reserved.