21 matches found
EUVD-2012-2278
Malware in sbrugna...
EUVD-2014-0676
Malware in sbrugna...
EMC Cloud Tiering Appliance v10.0 Unauthenticated XXE Arbitrary File Read
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '85903' ssvid version = '1.0' author = 'kikay' vulDate = '2014-04-16' createDate ...
ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
ESA-2014-028.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity XXE and Information Disclosure Vulnerabilities EMC Identifier: ESA-2014-028 CVE Identifier: CVE-2014-0644, CVE-2014-0645 Severity Rating: CVSS v2 Base Score: See below for...
EMC Cloud Tiering Appliance (CTA)本地信息泄漏漏洞
Bugtraq ID:66937 CVE ID:CVE-2014-0645 EMC Cloud Tiering Appliance能够协助存储管理人员有效简单的管理以档案为单位的非结构性数据。 EMC Cloud Tiering Appliance把root, super, admin内置账户的默认密码使用DES加密算法存储,允许攻击者利用漏洞可恢复这些密码。 0 EMC Cloud Tiering Appliance CTA 10 EMC Cloud Tiering Appliance CTA 10 SP1 EMC Cloud Tiering Appliance CTA 9.x EMC...
CVE-2014-0645
EMC Cloud Tiering Appliance CTA 9.x through 10 SP1 and File Management Appliance FMA 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack...
CVE-2014-0644
EMC Cloud Tiering Appliance CTA 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, as demonstrated by reading the /etc/shadow fi...
Xxe
EMC Cloud Tiering Appliance CTA 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, as demonstrated by reading the /etc/shadow fi...
CVE-2014-0644
EMC Cloud Tiering Appliance CTA 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, as demonstrated by reading the /etc/shadow fi...
EMC Cloud Tiering Appliance Web Interface Detection
Binary data emcctadetect.nbin...
EMC Cloud Tiering Appliance User Interface Default Credentials
The remote EMC Cloud Tiering Appliance user interface uses a known set of default credentials. Knowing these, an attacker with access to the service can gain administrative access to the device. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Default Password (rain) for 'root' Account
The account 'root' on the remote host has the password 'rain'. An attacker may leverage this to gain access, likely as an administrator, to the affected system. Note that EMC Cloud Tiering Appliance is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
EMC Cloud Tiering Appliance (CTA) XML外部实体注入漏洞
Bugtraq ID:66547 EMC Cloud Tiering Appliance能够协助存储管理人员有效简单的管理以档案为单位的非结构性数据。 EMC Cloud Tiering Appliance在解析XML数据时存在输入验证漏洞可导致XML注入漏洞,允许攻击者提交特殊的POST请求,获取敏感信息。 0 EMC Cloud Tiering Appliance CTA 10.0 目前没有详细解决方案: http://china.emc.com/archiving/cloud-tiering-appliance.htm POST /api/login HTTP/1.1 Host:...
EMC Cloud Tiering Appliance v10.0 Unauthenticated XXE Arbitrary File Read
EMC Cloud Tiering appliance version 10.0 suffers from an unauthenticated XXE injection vulnerability. Metasploit module proof of concept is included. EMC Cloud Tiering Appliance v10.0 Unauthed XXE The following authentication request is susceptible to an XXE attack: POST /api/login HTTP/1.1 Host:...
EMC Cloud Tiering Appliance 10.0 Unauthenticated XXE Arbitrary File Read Vulnerability - Active Check
EMC Cloud Tiering Appliance CTA is susceptible to an unauthenticated XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
EMC Cloud Tiering Appliance 10.0 XXE Injection
EMC Cloud Tiering Appliance v10.0 Unauthed XXE The following authentication request is susceptible to an XXE attack: POST /api/login HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...
EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)
EMC Cloud Tiering Appliance v10.0 Unauthed XXE The following authentication request is susceptible to an XXE attack: POST /api/login HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...
EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)
EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read Metasploit EMC Cloud Tiering Appliance v10.0 Unauthed XXE The following authentication request is susceptible to an XXE attack: POST /api/login HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664;...
Authentication flaw
EMC Cloud Tiering Appliance aka CTA, formerly FMA 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition CTA/VE 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase...
CVE-2012-2285
EMC Cloud Tiering Appliance aka CTA, formerly FMA 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition CTA/VE 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase...