EUVD-2018-3122

Malware in sbrugna...

CVE-2018-11078

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic...

CVE-2018-11078

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic...

Design/Logic Flaw

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic...

CVE-2015-6850

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session...

EMC VPLEX GeoSynchrony Local Information Disclosure Vulnerability

EMC VPLEX is a set of next-generation data storage platforms for moving and accessing information within, across and between data centers; GeoSynchrony is a VPLEX operating system. EMC VPLEX GeoSynchrony is configured by default to store plaintext NAVISPHERE GUI passwords in log files, which can ...

EMC VPLEX GeoSynchrony信息泄露漏洞

Bugtraq ID:666517 CVE ID:CVE-2014-0634 EMC VPLEX GeoSynchrony是虚拟机数据存储软件。 VPLEX GeoSynchrony存在缺失HttpOnly属性漏洞，利用漏洞远程攻击者可获取敏感信息。 0 EMC VPLEX GeoSynchrony 4.0-5.2.1 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://www.emc.com/products-solutions/index.htm...

EMC VPLEX GeoSynchrony目录遍历漏洞

Bugtraq ID:66513 CVE ID:CVE-2014-0632 EMC VPLEX GeoSynchrony是虚拟机数据存储软件。 VPLEX GeoSynchrony 4.0-5.2.1版本在实现上存在VPLEX GUI路径遍历漏洞，成功利用后可使远程攻击者获取敏感信息。 0 EMC VPLEX GeoSynchrony 4.0-5.2.1 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://www.emc.com/products-solutions/index.htm...

EMC VPLEX GeoSynchrony会话固定漏洞

Bugtraq ID:66514 CVE ID:CVE-2014-0635 EMC VPLEX GeoSynchrony是虚拟机数据存储软件。 VPLEX GeoSynchrony存在会话固定漏洞，远程攻击者可以利用漏洞劫持任意会话，未授权访问受影响应用。 0 EMC VPLEX GeoSynchrony 4.0-5.2.1 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://www.emc.com/products-solutions/index.htm...

EMC VPLEX GeoSynchrony会话超时验证安全限制绕过漏洞

Bugtraq ID:66516 CVE ID:CVE-2014-0633 EMC VPLEX GeoSynchrony是虚拟机数据存储软件。 VPLEX GeoSynchrony存在VPLEX GUI会话超时验证漏洞，远程攻击者可以利用漏洞绕过安全限制，获取敏感信息。 0 EMC VPLEX GeoSynchrony 4.0-5.2.1 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://www.emc.com/products-solutions/index.htm...

CVE-2014-0635

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2014-0633

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation...

Session fixation

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors...

Directory traversal

Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors...

ESA-2014-016: EMC VPLEX Multiple Vulnerabilities

ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...

CVE-2014-0635

The CVE-2014-0635 entry concerns EMC VPLEX GeoSynchrony. Affected: VPLEX GeoSynchrony versions 4.0–5.2.1. Issue: session fixation allowing remote attackers to hijack web sessions via unspecified vectors. Root cause: not explicitly detailed in the provided documents beyond the existence of a sessi...

CVE-2014-0633

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation...

CVE-2014-0632

Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors...

CVE-2014-0635

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2014-0632

EMC VPLEX GeoSynchrony GUI path traversal vulnerability (CVE-2014-0632) affects GeoSynchrony 4.0–5.2.1; before 5.3, remote authenticated users could trigger arbitrary code execution via unspecified vectors. Root cause is a directory traversal flaw in the VPLEX GUI. Impact is remote code execution...