Lucene search
K

2034 matches found

NVD
NVD
added 2010/10/28 9:0 p.m.18 views

CVE-2010-4121

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...

7.5CVSS7.2AI score0.03222EPSS
Exploits0References3
Cvelist
Cvelist
added 2010/10/28 8:0 p.m.22 views

CVE-2010-4121

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...

7.2AI score0.03222EPSS
Exploits0References3
CVE
CVE
added 2010/10/28 8:0 p.m.59 views

CVE-2010-4121

The CVE-2010-4121 issue affects IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3: the TCP-to-ODBC gateway allows unauthenticated SQL statements, enabling remote modification, creation, or reading of database records via a session on TCP port 2020. The vulnerability is corroborated by mul...

7.5CVSS7.4AI score0.03222EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2010/10/28 12:0 a.m.5 views

PT-2010-5313 · Ibm +1 · Ibm Tivoli Provisioning Manager For Os Deployment +1

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Provisioning Manager for OS Deployment version 7.1.1.3 Description: The TCP-to-ODBC gateway does not require authentication for SQL statements, allowing remote attackers to modify, create, or read database records via a session on...

7.5CVSS7.4AI score0.03222EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2010/10/08 12:0 a.m.25 views

IBM Tivoli Provisioning Manager for OS Deployment TCP to ODBC Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary SQL queries on vulnerable installations of Tivoli Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TCP to ODBC gateway component which listens by default on TCP...

10CVSS7.9AI score
Exploits0References1
Exploit DB
Exploit DB
added 2010/09/20 12:0 a.m.40 views

IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Remote Buffer Overflow (Metasploit)

$Id: ibmtpmfosdoverflow.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10CVSS7AI score0.59338EPSS
Exploits3
exploitpack
exploitpack
added 2010/03/04 12:0 a.m.22 views

Comptel Provisioning and Activation - index.jsp?error_msg_parameter Cross-Site Scripting

Comptel Provisioning and Activation - index.jsp?errormsgparameter Cross-Site Scripting source: https://www.securityfocus.com/bid/38534/info Comptel Provisioning and Activation is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. ...

Exploits0
Exploit DB
Exploit DB
added 2010/03/04 12:0 a.m.19 views

Comptel Provisioning and Activation - 'index.jsp?error_msg_parameter' Cross-Site Scripting

source: https://www.securityfocus.com/bid/38534/info Comptel Provisioning and Activation is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2010/02/26 12:0 a.m.30 views

Comptel InstantLink Cross Site Scripting

-------------------------------------------------------------------- Exploit Title: Comptel InstantLink" XSS vulnerability Date: 24 Feb 2010 Author: thebluegenius Software Link: http://www.comptel.com/ProvisioningActivation/ Version: All CVE : NA --------------------------------------------------...

Exploits0
0day.today
0day.today
added 2010/02/26 12:0 a.m.33 views

Comptel InstantLink XSS vulnerability

Exploit for unknown platform in category web applications ===================================== Comptel InstantLink XSS vulnerability ===================================== -------------------------------------------------------------------- Exploit Title: Comptel InstantLink" XSS vulnerability...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2009/11/29 12:0 a.m.31 views

Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (CVE-2009-0270)

Fujitsu SystemcastWizard software is one of the management tools included in the Systemwalker Resource Coordinator, which is a provisioning software by Fujitsu to efficiently and reliably operate blade servers. SystemcastWizard can install operating system images remotely and clone them on other...

10CVSS8AI score0.05531EPSS
Exploits4
Packet Storm
Packet Storm
added 2009/11/26 12:0 a.m.34 views

IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'IBM TPM for OS...

10CVSS0.4AI score0.59338EPSS
Exploits3
NVD
NVD
added 2009/08/27 5:0 p.m.25 views

CVE-2009-2861

The Over-the-Air Provisioning OTAP functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service service outage via crafted remote radio manageme...

7.3CVSS6.8AI score0.01036EPSS
Exploits0References6
CVE
CVE
added 2009/08/27 4:31 p.m.44 views

CVE-2009-2861

Cisco Aironet Lightweight Access Point 1100/1200 OTAP feature has an improper access-point association implementation, enabling remote attackers to spoof a controller and trigger a denial-of-service via crafted remote radio management (RRM) packets. No exploitation details beyond the SkyJack/CSCt...

7.3CVSS7AI score0.01036EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2009/05/21 2:0 p.m.65 views

CVE-2009-1161

CVE-2009-1161 describes a directory traversal vulnerability in CiscoWorks Common Services (CWCS) 3.0.x–3.2.x on Windows when the TFTP service is enabled. An unauthenticated remote attacker could access arbitrary files via CWCS TFTP, affecting multiple Cisco products that rely on CWCS (e.g., Unifi...

10CVSS6.8AI score0.12546EPSS
Exploits1References8Affected Software10
securityvulns
securityvulns
added 2009/05/21 12:0 a.m.106 views

Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability Advisory ID: cisco-sa-20090520-cw http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml Revision 1.0 For Public Release 2009 May 20 1600 UTC GMT Summary =======...

10CVSS1AI score0.12546EPSS
Exploits1
seebug.org
seebug.org
added 2009/04/28 12:0 a.m.17 views

三星M8800 Innov8和SGH-J750手机SMS Provisioning消息绕过认证漏洞

BUGTRAQ ID: 34705 M8800 Innov8和SGH-J750都是三星所出品的智能手机。 M8800 Innov8和SGH-J750手机没有向用户显示provisioning消息的来源;接受了消息体中不存在SEC和MAC参数的未经认证SMS Provisioning消息;即使接受了消息体中存在SEC和MAC参数的已认证SMS Provisioning消息,也没有对参数执安全检查。如果远程攻击者发送了上述类型的provisioning消息的话,就可能扮演为合法的来源,诱骗用户安装恶意配置。 Samsung SGH-J750 Samsung M8800 Innov8...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/04/27 12:0 a.m.12 views

Solaris 5.8 (sparc) : 137182-12

Service Provisioning System 6.0: Command Line User Interface Patch. Date this patch was last updated by Sun : Apr/24/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network...

0.2AI score
Exploits0References1
securityvulns
securityvulns
added 2009/04/27 12:0 a.m.32 views

MSL-2009-001 - Samsung Missing Provisioning Authentication

Security Advisory MSL-2009-001 - Samsung Missing Provisioning Authentication Advisory Information -------------------- Title: Samsung Missing Provisioning Authentication Advisory ID: MSL-2009-001 Advisory URL: http://www.mseclab.com/index.php?pageid=148 Published: 2009-04-23 Updated: 2009-04-23...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/04/27 12:0 a.m.11 views

Solaris 5.10 (x86) : 137180-12

Service Provisioning System 6.0x86: Master Server Patch. Date this patch was last updated by Sun : Apr/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security if ...

7AI score
Exploits0References1
Rows per page
Query Builder