4 results (0.007 seconds)

CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 0

Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx. Múltiples vulnerabilidades de inyección SQL en Dell ScriptLogic Asset Manager (también conocido como Quest Workspace Asset Manager) anterior a 9.5 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados en (1) GetClientPackage.aspx o (2) GetProcessedPackage.aspx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this security flaw, an attacker would make a specially crafted web request to a handler named GetProcessedPackage.aspx that is installed as part of this product. An attacker can leverage this vulnerability to execute code under the context of NETWORK SERVICE. • http://www.securityfocus.com/bid/72697 http://www.zerodayinitiative.com/advisories/ZDI-15-048 http://www.zerodayinitiative.com/advisories/ZDI-15-049 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. Centennial Discovery 2006 Feature Pack 1, el cual es usado por (1) Numara Asset Manager 8.0 y (2) Symantec Discovery 6.5, utiliza permisos no seguros sobre ciertos directorios, el cual permite a usuarios locales ganar privilegios. • http://secunia.com/advisories/25354 http://secunia.com/advisories/25374 http://secunia.com/advisories/25379 http://secunia.com/secunia_research/2007-58/advisory http://secunia.com/secunia_research/2007-59/advisory http://secunia.com/secunia_research/2007-60/advisory http://www.securityfocus.com/bid/25000 http://www.vupen.com/english/advisories/2007/2599 http://www.vupen.com/english/advisories/2007/2600 http://www.vupen.com/english/advisories/2007/2603 https://exchange.xfor •

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0

Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. Desbordamiento de búfer basado en pila en el XferWan.exe como el utilizado en múltiples productos incluidos (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0 y (3) Centennial UK Ltd Discovery 2006 Feature Pack, permite a atacantes remotos ejecutar código de su elección a través de una petición larga. NOTA: esta vulnerabilidad puede ser una réplica de la CVE-2007-1173. • http://dvlabs.tippingpoint.com/advisory/TPTI-07-10 http://osvdb.org/42059 http://securityreason.com/securityalert/2785 http://www.securityfocus.com/archive/1/470563/100/0/threaded http://www.securityfocus.com/bid/24317 http://www.securitytracker.com/id?1018191 https://exchange.xforce.ibmcloud.com/vulnerabilities/34723 •

CVSS: 10.0EPSS: 82%CPEs: 3EXPL: 0

Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. Múltiples desbordamientos de búfer en el servicio CentennialIPTransferServer (XFERWAN.EXE), como el usado por (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, y (3) Symantec Discovery 6.5, permite a atacantes remotos ejecutar código de su elección mediante cadenas largas a paquetes TCP manipulados artesanalmente. • http://osvdb.org/35076 http://secunia.com/advisories/24090 http://secunia.com/advisories/24281 http://secunia.com/advisories/24329 http://secunia.com/secunia_research/2007-41/advisory http://secunia.com/secunia_research/2007-42/advisory http://secunia.com/secunia_research/2007-43/advisory http://www.securityfocus.com/bid/24002 http://www.securitytracker.com/id?1018072 http://www.vupen.com/english/advisories/2007/1832 http://www.vupen.com/english/advisories/2007/1833 http: •