CVE-2012-2172 – IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2172
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en SoftwareRegistration.do en Storage Manager Profiler en IBM System Storage DS Storage Manager antes de v10.83.xx.18 en dispositivos de la Serie DS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro updateRegn. IBM System Storage DS Storage Manager Profiler version 4.8.6 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/19321 http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172 http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/75239 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2171 – IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2171
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. Vulnerabilidad de inyección SQL en ModuleServlet.do en Storage Manager Profiler in IBM System Storage DS Storage Manager antes de v10.83.xx.18 de dispositivos de la Serie DS, permite a usuarios remotos autenticados ejecutar comandos SQL a través del parámetro selectedModuleOnly en una acción state_viewmodulelog a la URI ModuleServlet. IBM System Storage DS Storage Manager Profiler version 4.8.6 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/19321 http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172 http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/75236 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2004-1663
https://notcve.org/view.php?id=CVE-2004-1663
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. • http://marc.info/?l=bugtraq&m=109435831811484&w=2 http://secunia.com/advisories/12464 http://www.securityfocus.com/bid/11108 https://exchange.xforce.ibmcloud.com/vulnerabilities/17290 •