2034 matches found
CVE-2010-4121
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...
CVE-2010-4121
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...
CVE-2010-4121
The CVE-2010-4121 issue affects IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3: the TCP-to-ODBC gateway allows unauthenticated SQL statements, enabling remote modification, creation, or reading of database records via a session on TCP port 2020. The vulnerability is corroborated by mul...
PT-2010-5313 · Ibm +1 · Ibm Tivoli Provisioning Manager For Os Deployment +1
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Provisioning Manager for OS Deployment version 7.1.1.3 Description: The TCP-to-ODBC gateway does not require authentication for SQL statements, allowing remote attackers to modify, create, or read database records via a session on...
IBM Tivoli Provisioning Manager for OS Deployment TCP to ODBC Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary SQL queries on vulnerable installations of Tivoli Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TCP to ODBC gateway component which listens by default on TCP...
IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Remote Buffer Overflow (Metasploit)
$Id: ibmtpmfosdoverflow.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Comptel Provisioning and Activation - index.jsp?error_msg_parameter Cross-Site Scripting
Comptel Provisioning and Activation - index.jsp?errormsgparameter Cross-Site Scripting source: https://www.securityfocus.com/bid/38534/info Comptel Provisioning and Activation is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. ...
Comptel Provisioning and Activation - 'index.jsp?error_msg_parameter' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38534/info Comptel Provisioning and Activation is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...
Comptel InstantLink Cross Site Scripting
-------------------------------------------------------------------- Exploit Title: Comptel InstantLink" XSS vulnerability Date: 24 Feb 2010 Author: thebluegenius Software Link: http://www.comptel.com/ProvisioningActivation/ Version: All CVE : NA --------------------------------------------------...
Comptel InstantLink XSS vulnerability
Exploit for unknown platform in category web applications ===================================== Comptel InstantLink XSS vulnerability ===================================== -------------------------------------------------------------------- Exploit Title: Comptel InstantLink" XSS vulnerability...
Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (CVE-2009-0270)
Fujitsu SystemcastWizard software is one of the management tools included in the Systemwalker Resource Coordinator, which is a provisioning software by Fujitsu to efficiently and reliably operate blade servers. SystemcastWizard can install operating system images remotely and clone them on other...
IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'IBM TPM for OS...
CVE-2009-2861
The Over-the-Air Provisioning OTAP functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service service outage via crafted remote radio manageme...
CVE-2009-2861
Cisco Aironet Lightweight Access Point 1100/1200 OTAP feature has an improper access-point association implementation, enabling remote attackers to spoof a controller and trigger a denial-of-service via crafted remote radio management (RRM) packets. No exploitation details beyond the SkyJack/CSCt...
CVE-2009-1161
CVE-2009-1161 describes a directory traversal vulnerability in CiscoWorks Common Services (CWCS) 3.0.x–3.2.x on Windows when the TFTP service is enabled. An unauthenticated remote attacker could access arbitrary files via CWCS TFTP, affecting multiple Cisco products that rely on CWCS (e.g., Unifi...
Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability Advisory ID: cisco-sa-20090520-cw http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml Revision 1.0 For Public Release 2009 May 20 1600 UTC GMT Summary =======...
三星M8800 Innov8和SGH-J750手机SMS Provisioning消息绕过认证漏洞
BUGTRAQ ID: 34705 M8800 Innov8和SGH-J750都是三星所出品的智能手机。 M8800 Innov8和SGH-J750手机没有向用户显示provisioning消息的来源;接受了消息体中不存在SEC和MAC参数的未经认证SMS Provisioning消息;即使接受了消息体中存在SEC和MAC参数的已认证SMS Provisioning消息,也没有对参数执安全检查。如果远程攻击者发送了上述类型的provisioning消息的话,就可能扮演为合法的来源,诱骗用户安装恶意配置。 Samsung SGH-J750 Samsung M8800 Innov8...
Solaris 5.8 (sparc) : 137182-12
Service Provisioning System 6.0: Command Line User Interface Patch. Date this patch was last updated by Sun : Apr/24/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network...
MSL-2009-001 - Samsung Missing Provisioning Authentication
Security Advisory MSL-2009-001 - Samsung Missing Provisioning Authentication Advisory Information -------------------- Title: Samsung Missing Provisioning Authentication Advisory ID: MSL-2009-001 Advisory URL: http://www.mseclab.com/index.php?pageid=148 Published: 2009-04-23 Updated: 2009-04-23...
Solaris 5.10 (x86) : 137180-12
Service Provisioning System 6.0x86: Master Server Patch. Date this patch was last updated by Sun : Apr/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security if ...