CVE-2018-16545
https://notcve.org/view.php?id=CVE-2018-16545
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). Kaizen Asset Manager (Enterprise Edition) y Training Manager (Enterprise Edition) permiten que un atacante remoto logre la ejecución de código arbitrario mediante la suplantación de archivos. Por ejemplo, una librería DLL (dynamic-link library) maliciosa asumía la identidad de un archivo temporal (tmp), isxdl.dll, y un archivo ejecutable asumía la identidad de un archivo temporal (996E.temp). • https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_Report.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2015-1605 – Dell ScriptLogic Asset Manager GetProcessedPackage SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1605
Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx. Múltiples vulnerabilidades de inyección SQL en Dell ScriptLogic Asset Manager (también conocido como Quest Workspace Asset Manager) anterior a 9.5 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados en (1) GetClientPackage.aspx o (2) GetProcessedPackage.aspx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this security flaw, an attacker would make a specially crafted web request to a handler named GetProcessedPackage.aspx that is installed as part of this product. An attacker can leverage this vulnerability to execute code under the context of NETWORK SERVICE. • http://www.securityfocus.com/bid/72697 http://www.zerodayinitiative.com/advisories/ZDI-15-048 http://www.zerodayinitiative.com/advisories/ZDI-15-049 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •