Page 2 of 10 results (0.008 seconds)

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. La funcionalidad "mobile-upload" en Esri ArcGIS para Server v10.1 hasta v10.2 permite a los usuarios autenticados remotamente subir ficheros .exe aprovechando privilegios de editor o administrador. • http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009 http://support.esri.com/en/knowledgebase/techarticles/detail/41497 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. Una vulnerabilidad de inyección SQL en ArcGIS v10.1 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro 'where' a una URI de consulta de un servicio REST. • https://www.exploit-db.com/exploits/38016 http://www.kb.cert.org/vuls/id/795644 https://exchange.xforce.ibmcloud.com/vulnerabilities/79977 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 5

ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. ESRI ArcMap v9 y ArcGIS v10.0.2.3200 y anteriores no pregunta a los usuarios antes de antes de ejecutar macros VBA incrustados, lo que permite a usuarios remotos con la ayuda de usuarios locales ejecutar código de su elección a través de código VBA a través de fichero de mapas (.MXD) modificados a mano. ESRI ArcMap suffers from an arbitrary code execution vulnerability when handling a specially crafted map file. • https://www.exploit-db.com/exploits/19138 http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661 http://www.exploit-db.com/exploits/19138 http://www.osvdb.org/82986 http://www.securitytracker.com/id?1027170 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 30%CPEs: 1EXPL: 1

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. Un desbordamiento de búfer en el servicio ArcSDE (giomgr) en Environmental Systems Research Institute (ESRI) ArcGIS versiones anteriores a 9.2 Service Pack 2, cuando se usan tres configuraciones de ArcSDE por niveles, permite a atacantes remotos causar una denegación de servicio (bloqueo de giomgr) y ejecutar código arbitrario por medio de parámetros largos en peticiones especialmente diseñadas. • https://www.exploit-db.com/exploits/4146 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 http://secunia.com/advisories/24639 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 http://www.securityfocus.com/bid/23175 http://www.securitytracker.com/id& •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. • https://www.exploit-db.com/exploits/972 http://marc.info/?l=full-disclosure&m=111489411524630&w=2 http://secunia.com/advisories/15196 http://securitytracker.com/id?1013852 http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015 http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt •