Filtered by vendor Emc Subscriptions
Total 416 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-0404 1 Emc 1 Documentum Eroom 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0398 1 Emc 1 Documentum Eroom 2024-11-21 N/A
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.
CVE-2012-0396 1 Emc 1 Documentum Xplore 2024-11-21 N/A
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.
CVE-2012-0395 1 Emc 1 Networker 2024-11-21 N/A
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2011-4144 2 Centos, Emc 2 Centos, Documentum Content Server 2024-11-21 N/A
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges.
CVE-2011-4142 1 Emc 1 Sourceone Email Management 2024-11-21 N/A
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.
CVE-2011-2742 1 Emc 1 Rsa Adaptive Authentication On-premise 2024-11-21 N/A
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device.
CVE-2011-2741 1 Emc 1 Rsa Adaptive Authentication On-premise 2024-11-21 N/A
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements."
CVE-2011-2740 2 Emc, Mozilla 2 Rsa Key Manager Appliance, Firefox 2024-11-21 N/A
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
CVE-2011-2739 1 Emc 1 Documentum Eroom 2024-11-21 N/A
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.
CVE-2011-2738 2 Cisco, Emc 6 Ciscoworks Lan Management Solution, Unified Operations Manager, Unified Service Monitor and 3 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
CVE-2011-2735 1 Emc 1 Autostart 2024-11-21 N/A
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP.
CVE-2011-2733 1 Emc 1 Rsa Adaptive Authentication On-premise 2024-11-21 N/A
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
CVE-2011-1744 1 Emc 1 Captiva Einput 2024-11-21 N/A
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.
CVE-2011-1743 1 Emc 1 Captiva Einput 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1742 1 Emc 1 Data Protection Advisor 2024-11-21 N/A
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.
CVE-2011-1741 1 Emc 1 Documentum Eroom 2024-11-21 N/A
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
CVE-2011-1740 1 Emc 1 Avamar 2024-11-21 N/A
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.
CVE-2011-1424 3 Emc, Ibm, Microsoft 4 Sourceone Email Management, Lotus Domino, Lotus Notes and 1 more 2024-11-21 N/A
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
CVE-2011-1423 1 Emc 1 Data Loss Prevention Enterprise Manager 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.