208 matches found
CVE-2014-3459
Heap-based buffer overflow in SolarWinds Network Configuration Manager NCM before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property...
CVE-2014-3459
The CVE-2014-3459 issue affects SolarWinds Network Configuration Manager (NCM) prior to version 7.3, where a heap-based buffer overflow in the PEstrarg1 property can be exploited to execute arbitrary code. The root cause is a failure to validate the input size before copying into a fixed-size hea...
NCM Content Management System content.pl Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2584/info The NCM Content Management System is a product distributed by NCM. The NCM Content Management System is designed to manage web material and other data, and provide an interface to databases from web resources. A...
CVE-2014-2509
CVE-2014-2509 describes a session-fixation vulnerability in the EMC Network Configuration Manager (NCM) , specifically within the Report Advisor (RA) component. The issue would allow an attacker to hijack a NCM web session by manipulating the session cookie, affecting the RA prior to version 9.3 ...
ESA-2013-016: EMC Smarts Network Configuration Manager
ESA-2013-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-016: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability EMC Identifier: ESA-2013-016 CVE Identifier: CVE-2013-0935 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected...
CVE-2013-2717
Multiple unspecified vulnerabilities in the System Management aka SysAdmin Console in EMC Smarts Network Configuration Manager NCM through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other...
Authentication flaw
EMC Smarts Network Configuration Manager NCM before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors...
Code injection
Multiple unspecified vulnerabilities in the System Management aka SysAdmin Console in EMC Smarts Network Configuration Manager NCM through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other...
CVE-2013-2717
EMC Smarts Network Configuration Manager (NCM) up to version 9.2 contains authentication-related vulnerabilities. CVE-2013-0935: prior to 9.2, Java RMI calls could be invoked remotely without authentication to execute arbitrary code. CVE-2013-2717: multiple unspecified vulnerabilities in the Syst...
CVE-2013-0935
EMC Smarts Network Configuration Manager NCM before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2013-2717
Multiple unspecified vulnerabilities in the System Management aka SysAdmin Console in EMC Smarts Network Configuration Manager NCM through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other...
CVE-2013-0935
EMC Smarts Network Configuration Manager (NCM) before version 9.2 is affected by CVE-2013-0935. The issue: Java RMI method calls can be invoked without authentication, allowing remote attackers to execute arbitrary code. Severity in NVD is high (CVSSv2 base score 9.3) with network access and no a...
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities
ESA-2012-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-057 CVE Identifier: CVE-2012-4614 CVE Identifier: CVE-2012-4615 Severity Rating: CVSS v2 Base Score: See below for individual...
CVE-2012-4615
EMC Smarts Network Configuration Manager NCM before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors...
Authentication flaw
The default configuration of EMC Smarts Network Configuration Manager NCM before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session...
Hardcoded credentials
EMC Smarts Network Configuration Manager NCM before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2012-4614
The default configuration of EMC Smarts Network Configuration Manager NCM before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session...
CVE-2012-4615
EMC Smarts Network Configuration Manager (NCM) prior to version 9.1 is affected by CVE-2012-4615 due to a hard-coded encryption key used to store credentials, enabling local users to obtain sensitive information via unspecified vectors. The related security advisory(ESA-2012-057) notes this and r...
CVE-2012-4614
The default configuration of EMC Smarts Network Configuration Manager NCM before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session...
CVE-2012-4614
CVE-2012-4614 affects EMC Smarts Network Configuration Manager (NCM) prior to version 9.1. The default NCM configuration allows unauthenticated access to the NCM database, enabling remote attackers to interact via the network (impact described as complete confidentiality/integrity/availability). ...