Page 2 of 11 results (0.005 seconds)

CVSS: 5.0EPSS: 84%CPEs: 16EXPL: 2

The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un nombre largo "consumer", como se ha demostrado en una petición M-POST a una URI larga /CIMListener/. • https://www.exploit-db.com/exploits/8190 http://osvdb.org/52615 http://secunia.com/advisories/34212 http://securitytracker.com/id?1021825 http://www.securityfocus.com/archive/1/501638/100/0/threaded http://www.securityfocus.com/bid/34061 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49285 https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt https://www14.software.ibm.com/webapp/iwm/web/reg/download.do • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 40%CPEs: 16EXPL: 4

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. Vulnerabilidad de salto de directorio en el servidor CIM en IBM Director anteriores v5.20.3 Service Update 2 en Windows que permite a los atacantes remotos cargar y ejecutar arbitrariamente código DLL local a través .. (punto punto) en un /CIMListener/ URI en una petición M-POST. By sending a specially crafted request to a vulnerable IBM System Director sever, an attacker can force it to load a DLL remotely from a WebDAV share. • https://www.exploit-db.com/exploits/32845 https://www.exploit-db.com/exploits/23074 https://www.exploit-db.com/exploits/23203 http://osvdb.org/52616 http://secunia.com/advisories/34212 http://www.securityfocus.com/archive/1/501639/100/0/threaded http://www.securityfocus.com/bid/34065 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49286 https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt ht • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 5%CPEs: 5EXPL: 0

CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections. CIM Server en IBM Director 5.20.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU, agotamientos de conexiones, y caída del demonio) mediante un número grande de conexiones sin utilizar. • http://secunia.com/advisories/27752 http://securitytracker.com/id?1018985 http://www.kb.cert.org/vuls/id/512193 http://www.kb.cert.org/vuls/id/MIMG-78YMXE http://www.securityfocus.com/bid/26509 http://www.vupen.com/english/advisories/2007/3942 https://exchange.xforce.ibmcloud.com/vulnerabilities/38583 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. IBM Director anterior a 5.10 permite a un atacante remoto obtener información sensible de cabeceras HTTP a través de HTTP TRACE. • ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf http://secunia.com/advisories/21802 http://www.securityfocus.com/bid/19915 http://www.vupen.com/english/advisories/2006/3532 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 4

Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. Vulnerabilidad de atravesamiento de directorios en Redirect.bat de IBM Director anterior a 5.10 permite a un atacante remoto leer ficheros de sue elección a través de la secuencia ..(punto punto) en el parámetro file. • https://www.exploit-db.com/exploits/2320 ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf http://secunia.com/advisories/21802 http://securitytracker.com/id?1016815 http://www.securityfocus.com/bid/19898 http://www.vupen.com/english/advisories/2006/3532 https://exchange.xforce.ibmcloud.com/vulnerabilities/28836 •