50 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-6845
EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID...
CVE-2015-6845
CVE-2015-6845 affects EMC SourceOne Email Supervisor prior to version 7.2. The issue is that session IDs are not generated with adequate randomness, enabling remote attackers to guess a valid session ID and gain access. The NVD lists a base score of 7.5 (HIGH) with network attack vector and low a...
CVE-2015-6846
EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations...
CVE-2015-6844
The provided data confirms a Cross-site scripting (XSS) vulnerability in the Reviewer component of EMC SourceOne Email Supervisor before version 7.2. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, enabling possible browser-context execution. The ...
CVE-2015-6843
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach...
CVE-2015-6846
EMC SourceOne Email Supervisor prior to version 7.2 contains hardcoded encryption keys, enabling an attacker to gain access by inspecting cryptographic operations in the program. This CVE (CVE-2015-6846) is documented in multiple feeds (NVD, CVE listings) with a common description of hardcoded ke...
CVE-2015-6844
Cross-site scripting XSS vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-6843
The CVE-2015-6843 issue affects EMC SourceOne Email Supervisor before version 7.2, where the authentication mechanism does not properly limit login attempts. This weakness enables brute-force remote access by an attacker targeting the affected system. While multiple sources (NVD and CNVD family e...
EMC SourceOne Email Supervisor Session Hijacking Vulnerability
EMC SourceOne Email Supervisor is an email and IM content monitoring and management solution. A session hijacking vulnerability exists in the implementation of EMC SourceOne Email Supervisor Reviewer. An attacker could exploit this vulnerability to guess the session ID of another user...
EMC SourceOne Email Supervisor Hard-Coded Password Vulnerability
EMC SourceOne Email Supervisor is an email and IM content monitoring and management solution. EMC SourceOne Email Supervisor suffers from a reverse engineering vulnerability in its implementation. An attacker could exploit this vulnerability to take control of an affected system via a hard-coded...
EMC SourceOne Email Supervisor Brute Force Password Guessing Vulnerability
EMC SourceOne Email Supervisor is an email and IM content monitoring and management solution. A brute force password guessing vulnerability exists in the implementation of EMC SourceOne Email Supervisor Reviewer. An attacker could use this vulnerability to brute-force guess a user's password and...
EMC SourceOne Email Supervisor Reflective Cross-Site Scripting Vulnerability
EMC SourceOne Email Supervisor is an email and IM content monitoring and management solution. A reflective cross-site scripting vulnerability exists in the implementation of EMC SourceOne Email Supervisor Reviewer. An attacker could exploit this vulnerability to execute arbitrary HTML or Javascri...
CVE-2015-0531
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...
Design/Logic Flaw
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2015-0531
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2015-0531
CVE-2015-0531 affects EMC SourceOne Email Management prior to version 7.2, where there is no account lockout after invalid login attempts. This design enables brute-force attempts to gain access to user accounts. The NVD notes a MEDIUM severity (CVSS v2 base score 5.0) with network access and no ...
ESA-2015-077: EMC SourceOne Email Management Account Lockout
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-077: EMC SourceOne Email Management Account Lockout Policy Vulnerability EMC Identifier: ESA-2015-077 CVE Identifier: CVE-2015-0531 Severity Rating: Medium CVSS v2 Base Score: 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N Affected products: • EMC SourceOne...
EMC SourceOne DoS
Management account lockout is possible...
EMC SourceOne information leakage
Information leakage via log files...