414 matches found
CVE-2012-2293
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path...
CVE-2012-2292
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2012-2294
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...
Code injection
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...
Directory traversal
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2012-2294
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...
CVE-2012-1064
Multiple cross-site scripting XSS vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2294
CVE-2012-2294 affects EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x earlier than 5.2SP1. The issue is a clickjacking vulnerability exposed via crafted web pages, allowing remote attackers to entice user actions in a legitimate session. The NVD entry lists a CVSSv2 base score of 6...
CVE-2012-2292
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2012-1064
CVE-2012-1064 affects EMC RSA Archer GRC 5.x and SmartSuite Framework 4.x; multiple XSS vulnerabilities allowed remote attackers to inject arbitrary script/HTML via unspecified vectors in affected RSA Archer components. The ESA advisory notes fixes in RSA Archer GRC 5.3 and 5.2SP1 (upgrade to 5.3...
CVE-2012-2292
The CVE-2012-2292 issue affects RSA Archer products: EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x prior to 5.2SP1. Root cause: a misconfigured Silverlight cross-domain policy that does not restrict access to the Archer application, allowing remote attackers to bypass the Same Or...
Cloud Security Alliance Releases New Toolkit
In an effort to better weigh the security of cloud-based infrastructures, the Cloud Security Alliance has released a new toolkit, the Governance, Risk Management and Compliance GRC Stack. Available as a free download on the organization’s website, the collection consists of three tools: CloudAudi...