CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2013-4946 – BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4946
29 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx. Múltiples vulnerabilidades XSS en BMC Service Desk Express (SDE) 10.2.1.95, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro (1) SelTab a QV_admin.aspx, el ... • https://www.exploit-db.com/exploits/26806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2012-2959 – BMC Identity Management - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2012-2959
11 Jun 2012 — Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords. Una vulnerabilidad de falsificación peticiones cruzadas (CSRF) en password-manager/changePasswords.do en BMC Identity Management Suite v7.5.00.103 permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes de cambio de contraseñas. • https://www.exploit-db.com/exploits/37372 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 16%CPEs: 26EXPL: 0CVE-2011-0975
https://notcve.org/view.php?id=CVE-2011-0975
10 Feb 2011 — Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768. Desbordamiento de búfer basado en pila en BM... • http://osvdb.org/70788 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 33%CPEs: 14EXPL: 0CVE-2008-5982 – BMC PatrolAgent Version Logging Format String Vulnerability
https://notcve.org/view.php?id=CVE-2008-5982
08 Dec 2008 — Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. Vulnerabilidad en el formato de la cadena de caracteres en BMC PATROL Agent en versiones anteriores a 3.7.30 que permite a los atacantes remotos, ejecutar arbitrariamente código a través especificadores en el formato de la cadena caracteres en un número inválido de... • http://secunia.com/advisories/33049 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 28%CPEs: 1EXPL: 0CVE-2007-2136 – BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-2136
18 Apr 2007 — Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. Desbordamiento de búfer basado en pila en bgs_sdservice.exe en BMC Patrol PerformAgent permite a atacantes remotos ejecutar código de su elección a través de una conexión en el puerto TCP 10128 y enviando ciertos datos XDR, el cual no es validado adecuadamente This vulnerability allows attacke... • http://secunia.com/advisories/24937 •
CVSS: 9.8EPSS: 14%CPEs: 1EXPL: 0CVE-2007-1972 – BMC Performance Manager SNMP Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-1972
18 Apr 2007 — PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured ** IMPUGNADO ** PatrolAgent.exe en BMC Performance Manager no requiere validación para respuestas de modific... • http://securityreason.com/securityalert/2599 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0310
https://notcve.org/view.php?id=CVE-2007-0310
18 Jan 2007 — BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. BMC Remedy Action Request System 5.01.02 Patch 1267 genera diversos mensajes de error para las tentativas falladas de conexión con un username válido que para éstos con un username inválido, lo que permite que los atacantes remotos que determinen nombres de usuario válido... • http://osvdb.org/31658 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3311
https://notcve.org/view.php?id=CVE-2005-3311
25 Oct 2005 — BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://marc.info/?l=bugtraq&m=113018286105811&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-1999-1460 – BMC Software Patrol 3.2.5 - Patrol SNMP Agent File Creation/Permission
https://notcve.org/view.php?id=CVE-1999-1460
13 Jul 1999 — BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program. • https://www.exploit-db.com/exploits/19422 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0801
https://notcve.org/view.php?id=CVE-1999-0801
09 Apr 1999 — BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. • http://www.iss.net/security_center/static/2075.php •