Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiStephen Fewer of Harmony Security (www.harmonysecurity.com)ZDI-08-095
HistoryAug 14, 2008 - 12:00 a.m.

EMC ApplicationXtender Workflow Server Admin Agent Arbitrary File Upload Vulnerability

2008-08-1400:00:00
Stephen Fewer of Harmony Security (www.harmonysecurity.com)
www.zerodayinitiative.com
9

0.05 Low

EPSS

Percentile

92.9%

JSON

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC ApplicationXtender Workflow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Admin Agent service (aws_tmxn.exe) which listens by default on TCP port 2606. The process exposes functionality to upload arbitrary files to the remote system. The daemon fails to sanitize directory traversal attacks, allowing remote attackers to overwrite critical system files or even the Admin Agent executable itself. Exploitation allows for arbitrary code execution under the context of the SYSTEM user.

Related

d2 1
prion 1
cve 1
nvd 1
cvelist 1
d2
d2
DSquare Exploit Pack: D2SEC_EMCAXW
2009-10-22 16:00:00
prion
prion
Directory traversal
2009-10-22 16:00:00
cve
cve
CVE-2008-3685
2022-10-03 16:13:43
nvd
nvd
CVE-2008-3685
2009-10-22 16:00:00
cvelist
cvelist
CVE-2008-3685
2022-10-03 16:13:43

0.05 Low

EPSS

Percentile

92.9%

JSON
Related for ZDI-08-095
d21prion1cve1nvd1cvelist1