Countdown to GDPR: Manage Vulnerabilities
If your organization needs a compelling reason for establishing or enhancing its vulnerability management program, circle this date in bold, red ink on your corporate calendar: May 25, 2018. On that day, the EU's General Data Protection Regulation (GDPR) goes into effect, intensifying the need for...
Avoid the Liability Associated with Running End-of-Life Operating Systems (EOL)
Recent attacks such as WannaCry and NotPetya have demonstrated hackers are more familiar with the vulnerabilities of unsupported systems than many organizations themselves. When new patches are released, attackers easily reverse-engineer the updates and quickly find all the weaknesses in...
Countdown to GDPR: Assess Vendor Risk
To comply with GDPR, organizations typically must overhaul and update a number of internal processes and systems, but they can’t ignore a critical area: risk from vendors and other third parties such as contractors, partners, suppliers and service providers. It’s a point that’s stressed repeatedl...
PT-2017-3924 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.5.57 and earlier; Oracle MySQL versions 5.6.37 and earlier; Oracle MySQL versions 5.7.19 and earlier. Description: The issue is related to the Client programs subcomponent of Oracle MySQL and is caused by a lack of...
Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking
Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don't care to apply patches on time. Late last year, Cisco's Talos intelligence and research group discovered three critical remote code execution RC...
EMC Data Protection Advisor < 6.4 Multiple Vulnerabilities
According to its self-reported version number, the EMC Data Protection Advisor running on the remote host is prior to 6.4. It is, therefore, affected by multiple vulnerabilities: - Multiple blind SQL injection vulnerabilities exist due to improper sanitization of user-supplied input before usin...
Countdown to GDPR: Prioritize Vulnerability Remediation
The EU’s GDPR (General Data Protection Regulation) demands that organizations stringently protect EU residents’ data they hold, share and process, which requires having solid InfoSec practices, including threat prioritization. No, there is no specific mention of prioritization of vulnerability...
EMC Data Protection Advisor Multiple Vulnerabilities (Jul 2017)
EMC Data Protection Advisor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
EMC Data Protection 'input' Parameter Directory Traversal Vulnerability
EMC Data Protection Advisor is a data protection management solution from EMC Corporation. The solution supports automated and centralized execution of all such data collection and analysis, as well as obtaining a single comprehensive view of the data protection environment and activities. A...
EMC Data Protection SQL Injection Vulnerability
EMC Data Protection Advisor is a data protection management solution from EMC Corporation. The solution supports automated and centralized execution of all such data collection and analysis, as well as obtaining a single comprehensive view of the data protection environment and activities. A SQL...
CVE-2017-8003
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of t...
Path traversal
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of t...
SQL injection
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands...
CVE-2017-8002
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands...
CVE-2017-8002
EMC Data Protection Advisor prior to 6.4 is affected by multiple blind SQL injection vulnerabilities (CVE-2017-8002). An authenticated remote attacker could exploit these to execute arbitrary SQL commands and disclose/manipulate data via the backend database. Affected component behavior is tied to...
CVE-2017-8003
CVE-2017-8003 relates to EMC Data Protection Advisor prior to 6.4, which contains a path traversal vulnerability. A remote authenticated high-privilege user can supply specially crafted strings in input parameters of the application to access unauthorized information from the underlying OS server...