5 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Blue Coat Director anterior a v5.5.2.3 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores que están relacionados con el método HTTP TRACE. • https://kb.bluecoat.com/index?page=content&id=SA62 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 8%CPEs: 4EXPL: 0

Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. Error de presencia de signo entero en dirapi.dll en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 y Adobe Director en versiones anteriores a la 11.5.7.609 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección mediante un fichero .dir (también conocido como Director) manipulado que dispara una operación de lectura inválida. • http://secunia.com/advisories/38751 http://secunia.com/secunia_research/2010-19 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.coresecurity.com/content/adobe-director-invalid-read http://www.securityfocus.com/archive/1/511240/100/0/threaded http://www.securityfocus.com/archive/1/511261/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273 • CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 84%CPEs: 16EXPL: 2

The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un nombre largo "consumer", como se ha demostrado en una petición M-POST a una URI larga /CIMListener/. • https://www.exploit-db.com/exploits/8190 http://osvdb.org/52615 http://secunia.com/advisories/34212 http://securitytracker.com/id?1021825 http://www.securityfocus.com/archive/1/501638/100/0/threaded http://www.securityfocus.com/bid/34061 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49285 https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt https://www14.software.ibm.com/webapp/iwm/web/reg/download.do • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 40%CPEs: 16EXPL: 4

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. Vulnerabilidad de salto de directorio en el servidor CIM en IBM Director anteriores v5.20.3 Service Update 2 en Windows que permite a los atacantes remotos cargar y ejecutar arbitrariamente código DLL local a través .. (punto punto) en un /CIMListener/ URI en una petición M-POST. By sending a specially crafted request to a vulnerable IBM System Director sever, an attacker can force it to load a DLL remotely from a WebDAV share. • https://www.exploit-db.com/exploits/32845 https://www.exploit-db.com/exploits/23074 https://www.exploit-db.com/exploits/23203 http://osvdb.org/52616 http://secunia.com/advisories/34212 http://www.securityfocus.com/archive/1/501639/100/0/threaded http://www.securityfocus.com/bid/34065 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49286 https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt ht • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 5%CPEs: 5EXPL: 0

CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections. CIM Server en IBM Director 5.20.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU, agotamientos de conexiones, y caída del demonio) mediante un número grande de conexiones sin utilizar. • http://secunia.com/advisories/27752 http://securitytracker.com/id?1018985 http://www.kb.cert.org/vuls/id/512193 http://www.kb.cert.org/vuls/id/MIMG-78YMXE http://www.securityfocus.com/bid/26509 http://www.vupen.com/english/advisories/2007/3942 https://exchange.xforce.ibmcloud.com/vulnerabilities/38583 • CWE-399: Resource Management Errors •