CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-16545
https://notcve.org/view.php?id=CVE-2018-16545
05 Sep 2018 — Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). Kaizen Asset Manager (Enterprise Edition) y Training Manager (Enterprise Edition) permiten que un atacante remoto logre la ejecución de código arbitrario me... • https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_Report.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1605 – Dell ScriptLogic Asset Manager GetProcessedPackage SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1605
20 Feb 2015 — Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx. Múltiples vulnerabilidades de inyección SQL en Dell ScriptLogic Asset Manager (también conocido como Quest Workspace Asset Manager) anterior a 9.5 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados e... • http://www.securityfocus.com/bid/72697 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 4CVE-2014-2587 – McAfee Asset Manager 6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-2587
23 Mar 2014 — SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). Vulnerabilidad de inyección SQL en jsp/reports/ReportsAudit.jsp en McAfee Asset Manager 6.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del nombre de usuario de un informe de auditaría (también conocido como parámetro user). • https://www.exploit-db.com/exploits/32368 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 19%CPEs: 1EXPL: 4CVE-2014-2588 – McAfee Asset Manager 6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-2588
23 Mar 2014 — Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. Vulnerabilidad de salto de directorio en servlet/downloadReport en McAfee Asset Manager 6.6 permite a usuarios remotos autenticados leer archivos arbitrarios a través de un .. (punto punto) en el parámetro reportFileName. • https://www.exploit-db.com/exploits/32368 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-2950
https://notcve.org/view.php?id=CVE-2007-2950
23 Jul 2007 — Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. Centennial Discovery 2006 Feature Pack 1, el cual es usado por (1) Numara Asset Manager 8.0 y (2) Symantec Discovery 6.5, utiliza permisos no seguros sobre ciertos directorios, el cual permite a usuarios locales ganar privilegios. • http://secunia.com/advisories/25354 •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 0CVE-2007-2514
https://notcve.org/view.php?id=CVE-2007-2514
06 Jun 2007 — Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. Desbordamiento de búfer basado en pila en el XferWan.exe como el utilizado en múltiples productos incluidos (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0 y (3) Centennial UK ... • http://dvlabs.tippingpoint.com/advisory/TPTI-07-10 •
CVSS: 10.0EPSS: 22%CPEs: 3EXPL: 0CVE-2007-1173
https://notcve.org/view.php?id=CVE-2007-1173
16 May 2007 — Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. Múltiples desbordamientos de búfer en el servicio CentennialIPTransferServer (XFERWAN.EXE), como el usado por (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, y (3) Symantec Discovery 6.5, per... • http://osvdb.org/35076 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2641
https://notcve.org/view.php?id=CVE-2006-2641
30 May 2006 — ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be inc... • http://secunia.com/advisories/20285 •