20 matches found
EUVD-2003-1112
Malware in sbrugna...
EUVD-2015-1736
Malware in sbrugna...
EUVD-2003-1111
Malware in sbrugna...
Dell ScriptLogic Asset Manager SQL Injection remote code execution (CVE-2015-1605)
A remote code execution vulnerability has been reported in Dell ScriptLogic Asset Manager. The vulnerability is due to insufficient input validation while processing requests to GetProcessedPackage.aspx or GetClientPackage.aspx, this enables attacker to inject SQL code. A remote attacker can...
Sql injection
Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager aka Quest Workspace Asset Manager before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to 1 GetClientPackage.aspx or 2 GetProcessedPackage.aspx...
CVE-2015-1605
Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager aka Quest Workspace Asset Manager before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to 1 GetClientPackage.aspx or 2 GetProcessedPackage.aspx...
CVE-2015-1605
Dell ScriptLogic Asset Manager (Quest Workspace Asset Manager) vulnerable before 9.5 due to multiple SQL injection flaws in GetClientPackage.aspx and GetProcessedPackage.aspx. Root cause: insufficient input validation allowing remote SQL injection, enabling remote code execution under the NETWORK...
Dell ScriptLogic Asset Manager GetClientPackage SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this security flaw, an attacker would make a...
Dell ScriptLogic Asset Manager GetProcessedPackage SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell ScriptLogic Asset Manager, also known as Quest Workspace Asset Manager. Authentication is not required to exploit this vulnerability. To exploit this security flaw, an attacker would make a...
CVE-2003-1121
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to 1 modify arbitrary registry entries via the ScriptLogic RPC service SLRPC or 2 modify arbitrary configuration via the RunAdmin services...
CVE-2003-1121
CVE-2003-1121 affects ScriptLogic 4.01 and possibly earlier than 4.14. The vulnerability arises because the ScriptLogic RPC service (SLRPC) and RunAdmin components (SLRAserver.exe/SLRAclient.exe) process client requests at elevated privileges, allowing remote attackers to modify arbitrary registr...
CVE-2003-1122
CVE-2003-1122 affects ScriptLogic 4.01 and possibly earlier than 4.14. The related Nessus plugin confirms that the LOGS$ share is accessible and improperly permissioned, allowing remote readers/modifiers of logs and potentially execution of code. The CVE description notes insecure permissions tha...
CVE-2003-1122
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code...
CVE-2003-1122
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code...
CVE-2003-1121
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to 1 modify arbitrary registry entries via the ScriptLogic RPC service SLRPC or 2 modify arbitrary configuration via the RunAdmin services...
ScriptLogic $LOGS Share Remote Information Disclosure
The remote host has an accessible LOGS$ share. ScriptLogic creates this share to store the logs, but does not properly set the permissions on it. As a result, anyone can use it to read or modify, or possibly execute code. C Tenable Network Security, Inc. include"compat.inc"; if description...
ScriptLogic Multiple Service Remote Privilege Escalation
The ScriptLogic service is running on this port. There is a flaw in versions up to 4.05 of this service which may allow an attacker to write arbitrary values in the remote registry with administrator privileges, which can be used to gain a shell on this host. Since Nessus was unable to determine...
ScriptLogic RPC service allows local users to modify arbitrary registry settings
Overview There is a vulnerability in version 4.01 of ScriptLogic that could allow local users to gain full access to the registry. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain. A vulnerabili...
ScriptLogic sets insecure permissions on "LOGS$" share
Overview Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain...
ScriptLogic RunAdmin service can allow users to gain administrative access
Overview There is a vulnerability in version 4.01 of ScriptLogic that may allow local or domain users to gain administrative access to workstations running the ScriptLogic RunAdmin service. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabiliti...