Search

Search Results (363167 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3272 1 Emc 1 Replication Manager 2025-04-11 N/A
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack.
CVE-2013-3273 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2025-04-11 N/A
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
CVE-2013-3274 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2025-04-11 N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2013-3275 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2025-04-11 N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
CVE-2013-3276 1 Emc 1 Rsa Archer Egrc 2025-04-11 N/A
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.
CVE-2013-3277 1 Emc 1 Rsa Archer Egrc 2025-04-11 N/A
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-3278 1 Emc 4 Geosynchrony, Vplex Geo, Vplex Local and 1 more 2025-04-11 N/A
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.
CVE-2013-3279 1 Emc 1 Atmos 2025-04-11 N/A
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.
CVE-2013-3280 1 Emc 1 Rsa Authentication Agent 2025-04-11 N/A
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.
CVE-2013-3281 1 Emc 7 Documentum Administrator, Documentum Capital Projects, Documentum Digital Asset Manager and 4 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
CVE-2013-3285 1 Emc 1 Networker 2025-04-11 N/A
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
CVE-2013-3286 1 Emc 1 Documentum Eroom 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-3287 1 Dell 1 Emc Unisphere 2025-04-11 N/A
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.
CVE-2013-3288 1 Emc 1 Rsa Data Protection Manager Appliance 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-3294 1 Exponentcms 1 Exponent Cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
CVE-2013-3299 1 Realnetworks 1 Realplayer 2025-04-11 N/A
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
CVE-2013-3300 1 Liftweb 1 Lift 2025-04-11 N/A
The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.
CVE-2013-3301 3 Linux, Redhat, Suse 7 Linux Kernel, Enterprise Linux, Enterprise Mrg and 4 more 2025-04-11 N/A
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
CVE-2013-3302 1 Linux 1 Linux Kernel 2025-04-11 N/A
Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event.
CVE-2013-3315 1 Tibco 1 Silver Mobile 2025-04-11 N/A
The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors.