
CVSS: 7.5 | EPSS: 9% | CPEs: 1 | EXPL: 2

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.

LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.

References:
• https://www.exploit-db.com/exploits/18714
• https://www.exploit-db.com/exploits/18622
• http://osvdb.org/79276
• http://secunia.com/advisories/47666
• http://www.securityfocus.com/bid/52023
• http://www.securitytracker.com/id?1026693
• https://exchange.xforce.ibmcloud.com/vulnerabilities/73207

Weakness:
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 9% | CPEs: 1 | EXPL: 2

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.

LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote arbitrary file deletion vulnerability.

References:
• https://www.exploit-db.com/exploits/18714
• https://www.exploit-db.com/exploits/18623
• http://osvdb.org/79277
• http://secunia.com/advisories/47666
• http://www.securityfocus.com/bid/52023
• http://www.securitytracker.com/id?1026693
• https://exchange.xforce.ibmcloud.com/vulnerabilities/73208

Weakness:
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')