Filtered by vendor Emc
Subscriptions
Total
414 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-10955 | 1 Emc | 1 Data Protection Advisor | 2025-04-20 | 8.8 High |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability | ||||
CVE-2016-9873 | 1 Emc | 1 Documentum D2 | 2025-04-20 | N/A |
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application. | ||||
CVE-2015-0519 | 1 Emc | 1 Captiva Capture | 2025-04-12 | N/A |
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | ||||
CVE-2015-0518 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. | ||||
CVE-2015-0526 | 1 Emc | 1 Rsa Validation Manager | 2025-04-12 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | ||||
CVE-2016-0921 | 1 Emc | 1 Avamar Server | 2025-04-12 | N/A |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. | ||||
CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2025-04-12 | N/A |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | ||||
CVE-2016-6645 | 2 Dell, Emc | 3 Emc Unisphere, Solutions Enabler, Unisphere | 2025-04-12 | N/A |
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | ||||
CVE-2015-0528 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | N/A |
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | ||||
CVE-2016-0915 | 1 Emc | 1 Authentication Manager Prime | 2025-04-12 | 8.1 High |
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." | ||||
CVE-2016-0913 | 1 Emc | 2 Networker Module For Microsoft Applications, Replication Manager | 2025-04-12 | N/A |
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | ||||
CVE-2014-0637 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-0904 | 1 Emc | 1 Avamar Server | 2025-04-12 | N/A |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | ||||
CVE-2015-0514 | 1 Emc | 2 Vipr Srm, Watch4net | 2025-04-12 | N/A |
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. | ||||
CVE-2015-0517 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | ||||
CVE-2015-0529 | 1 Emc | 1 Powerpath Virtual Appliance | 2025-04-12 | N/A |
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | ||||
CVE-2016-0891 | 1 Emc | 1 Vipr Srm | 2025-04-12 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. | ||||
CVE-2014-4636 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. | ||||
CVE-2016-0882 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | N/A |
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-4637 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. |