CVE-2016-1543 – BMC BladeLogic 8.3.00.64 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-1543
28 Mar 2016 — The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure. • https://www.exploit-db.com/exploits/43902 • CWE-284: Improper Access Control •
CVE-2016-1542 – BMC BladeLogic 8.3.00.64 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-1542
28 Mar 2016 — The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure. • https://www.exploit-db.com/exploits/43902 • CWE-20: Improper Input Validation •
CVE-2015-5071
https://notcve.org/view.php?id=CVE-2015-5071
24 Sep 2015 — AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. • https://communities.bmc.com/docs/DOC-77816 • CWE-269: Improper Privilege Management •
CVE-2015-5072
https://notcve.org/view.php?id=CVE-2015-5072
24 Sep 2015 — The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. • https://communities.bmc.com/docs/DOC-77816 • CWE-269: Improper Privilege Management •
CVE-2014-8270 – BMC Track-It! Web Account Credential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-8270
09 Dec 2014 — BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. This vulnerability allows remote attackers to execute arbitrary ... • http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-4873 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4873
08 Oct 2014 — SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. BMC Track-it! • https://www.exploit-db.com/exploits/34924 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-4874 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4874
08 Oct 2014 — BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. BMC Track-it! • https://www.exploit-db.com/exploits/34924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4872 – Numara / BMC Track-It! FileStorageService - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-4872
08 Oct 2014 — BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService. • https://www.exploit-db.com/exploits/35032 • CWE-306: Missing Authentication for Critical Function •
CVE-2014-2591 – BMC Patrol For AIX Insecure RPATH Use
https://notcve.org/view.php?id=CVE-2014-2591
14 Apr 2014 — Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in mann... • http://seclists.org/fulldisclosure/2014/Apr/199 •
CVE-2013-4945 – BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4945
29 Jul 2013 — Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx. • https://www.exploit-db.com/exploits/26806 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •