
CVSS: 6.8 | EPSS: 40% | CPEs: 16 | EXPL: 4

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. By sending a specially crafted request to a vulnerable IBM System Director server, an attacker can force it to load a DLL remotely from a WebDAV share.
• https://www.exploit-db.com/exploits/32845 https://www.exploit-db.com/exploits/23074 https://www.exploit-db.com/exploits/23203 http://osvdb.org/52616 http://secunia.com/advisories/34212 http://www.securityfocus.com/archive/1/501639/100/0/threaded http://www.securityfocus.com/bid/34065 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49286 https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt ht
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 | EPSS: 5% | CPEs: 5 | EXPL: 0

CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
• http://secunia.com/advisories/27752 http://securitytracker.com/id?1018985 http://www.kb.cert.org/vuls/id/512193 http://www.kb.cert.org/vuls/id/MIMG-78YMXE http://www.securityfocus.com/bid/26509 http://www.vupen.com/english/advisories/2007/3942 https://exchange.xforce.ibmcloud.com/vulnerabilities/38583
• CWE-399: Resource Management Errors

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
• ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf http://secunia.com/advisories/21802 http://www.securityfocus.com/bid/19915 http://www.vupen.com/english/advisories/2006/3532

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 4

Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
• https://www.exploit-db.com/exploits/2320 ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf http://secunia.com/advisories/21802 http://securitytracker.com/id?1016815 http://www.securityfocus.com/bid/19898 http://www.vupen.com/english/advisories/2006/3532 https://exchange.xforce.ibmcloud.com/vulnerabilities/28836

CVSS: 5.0 | EPSS: 3% | CPEs: 1 | EXPL: 0

Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
• ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf http://secunia.com/advisories/21802 http://www.securityfocus.com/bid/19915 http://www.vupen.com/english/advisories/2006/3532