Vulnerabilities > EMC > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2015-01-21 | CVE-2015-0515 | Arbitrary File Upload vulnerability in EMC Vipr SRM and Watch4Net | Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file. | network, low complexity, emc, 6.5 |
| 2015-01-21 | CVE-2015-0514 | Information Exposure vulnerability in EMC Vipr SRM and Watch4Net | EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. | network, low complexity, emc CWE-200, 5.0 |
| 2015-01-07 | CVE-2014-4639 | Numeric Errors vulnerability in EMC Documentum WDK 6.7 | EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. | network, low complexity, emc CWE-189, 5.0 |
| 2015-01-07 | CVE-2014-4638 | Information Exposure vulnerability in EMC Documentum WDK 6.7 | EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | network, low complexity, emc CWE-200, 5.0 |
| 2015-01-07 | CVE-2014-4637 | URL Redirection vulnerability in EMC Documentum WDK 6.7 | Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | network, low complexity, emc, 6.4 |
| 2015-01-07 | CVE-2014-4636 | Cross-Site Request Forgery (CSRF) vulnerability in EMC Documentum WDK 6.7 | Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. | network, emc CWE-352, 6.8 |
| 2015-01-07 | CVE-2014-4635 | Cross-site Scripting vulnerability in EMC Documentum WDK 6.7 | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, emc CWE-79, 4.3 |
| 2014-12-30 | CVE-2014-4634 | Local Privilege Escalation vulnerability in EMC Replication Manager and AppSync | Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | local, low complexity, emc, 4.6 |
| 2014-12-12 | CVE-2014-4633 | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, emc CWE-79, 4.3 |
| 2014-12-12 | CVE-2014-4628 | Cross-Site Scripting vulnerability in EMC Isilon Insightiq | Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, emc CWE-79, 4.3 |