
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

05 Sep 2018 — Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). • https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_Report.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Feb 2015 — Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx. • http://www.securityfocus.com/bid/72697 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')