CVE-2010-0128
https://notcve.org/view.php?id=CVE-2010-0128
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. Error de presencia de signo entero en dirapi.dll en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 y Adobe Director en versiones anteriores a la 11.5.7.609 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección mediante un fichero .dir (también conocido como Director) manipulado que dispara una operación de lectura inválida. • http://secunia.com/advisories/38751 http://secunia.com/secunia_research/2010-19 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.coresecurity.com/content/adobe-director-invalid-read http://www.securityfocus.com/archive/1/511240/100/0/threaded http://www.securityfocus.com/archive/1/511261/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273 • CWE-787: Out-of-bounds Write •
CVE-2009-0879 – IBM Director 5.20.3su2 CIM Server - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0879
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un nombre largo "consumer", como se ha demostrado en una petición M-POST a una URI larga /CIMListener/. • https://www.exploit-db.com/exploits/8190 http://osvdb.org/52615 http://secunia.com/advisories/34212 http://securitytracker.com/id?1021825 http://www.securityfocus.com/archive/1/501638/100/0/threaded http://www.securityfocus.com/bid/34061 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49285 https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt https://www14.software.ibm.com/webapp/iwm/web/reg/download.do • CWE-20: Improper Input Validation •
CVE-2009-0880 – IBM System Director Agent 5.20 - CIM Server Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0880
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. Vulnerabilidad de salto de directorio en el servidor CIM en IBM Director anteriores v5.20.3 Service Update 2 en Windows que permite a los atacantes remotos cargar y ejecutar arbitrariamente código DLL local a través .. (punto punto) en un /CIMListener/ URI en una petición M-POST. By sending a specially crafted request to a vulnerable IBM System Director sever, an attacker can force it to load a DLL remotely from a WebDAV share. • https://www.exploit-db.com/exploits/32845 https://www.exploit-db.com/exploits/23074 https://www.exploit-db.com/exploits/23203 http://osvdb.org/52616 http://secunia.com/advisories/34212 http://www.securityfocus.com/archive/1/501639/100/0/threaded http://www.securityfocus.com/bid/34065 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49286 https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt ht • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-5612
https://notcve.org/view.php?id=CVE-2007-5612
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections. CIM Server en IBM Director 5.20.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU, agotamientos de conexiones, y caída del demonio) mediante un número grande de conexiones sin utilizar. • http://secunia.com/advisories/27752 http://securitytracker.com/id?1018985 http://www.kb.cert.org/vuls/id/512193 http://www.kb.cert.org/vuls/id/MIMG-78YMXE http://www.securityfocus.com/bid/26509 http://www.vupen.com/english/advisories/2007/3942 https://exchange.xforce.ibmcloud.com/vulnerabilities/38583 • CWE-399: Resource Management Errors •