CVE-2009-0880 – IBM System Director Agent 5.20 - CIM Server Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0880
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. By sending a specially crafted request to a vulnerable IBM System Director server, an attacker can force it to load a DLL remotely from a WebDAV share.
• https://www.exploit-db.com/exploits/32845
• https://www.exploit-db.com/exploits/23074
• https://www.exploit-db.com/exploits/23203
• http://osvdb.org/52616
• http://secunia.com/advisories/34212
• http://www.securityfocus.com/archive/1/501639/100/0/threaded
• http://www.securityfocus.com/bid/34065
• http://www.vupen.com/english/advisories/2009/0656
• https://exchange.xforce.ibmcloud.com/vulnerabilities/49286
• https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt
• ht
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-5612
https://notcve.org/view.php?id=CVE-2007-5612
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
• http://secunia.com/advisories/27752
• http://securitytracker.com/id?1018985
• http://www.kb.cert.org/vuls/id/512193
• http://www.kb.cert.org/vuls/id/MIMG-78YMXE
• http://www.securityfocus.com/bid/26509
• http://www.vupen.com/english/advisories/2007/3942
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38583
• CWE-399: Resource Management Errors