CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

BMC Track-it! • https://www.exploit-db.com/exploits/34924 http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html http://www.kb.cert.org/vuls/id/121036 https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 95% • CPEs: 1 • EXPL: 2

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.

BMC Track-it! • https://www.exploit-db.com/exploits/35032 https://www.exploit-db.com/exploits/34924 http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html http://www.kb.cert.org/vuls/id/121036 https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt • CWE-306: Missing Authentication for Critical Function

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 3

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.

BMC Track-it! • https://www.exploit-db.com/exploits/34924 http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html http://www.kb.cert.org/vuls/id/121036 http://www.securityfocus.com/bid/70268 https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')